[
    {
        "threat_severity": "Low",
        "public_date": "2018-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
        ],
        "upstream_fix": "openssl 1.1.1a, openssl 1.1.0j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0735\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0735"
        ],
        "name": "CVE-2018-0735",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.",
            "An uncontrolled resource consumption vulnerability was discovered in D-Bus. The DBusServer leaks file descriptors when a message exceeds the per-message file descriptor limit. This flaw allows a local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket, to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. As a result, the system may become unusable for other users, and some services may stop working. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue did not affect the versions of dbus as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include the vulnerable code.",
        "upstream_fix": "dbus 1.12.18, dbus 1.10.30, dbus 1.13.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12049"
        ],
        "name": "CVE-2020-12049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416->CWE-200",
        "details": [
            "In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354"
        ],
        "upstream_fix": "libvpx 1.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9433\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9433"
        ],
        "name": "CVE-2019-9433",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12697\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12697"
        ],
        "name": "CVE-2018-12697",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.",
            "It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system."
        ],
        "acknowledgement": "This issue was discovered by Lukáš Slebodník (Red Hat) and Sumit Bose.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5277\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5277\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17079"
        ],
        "name": "CVE-2015-5277",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.",
            "An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP's FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "php 5.5.25, php 5.6.9, php 5.4.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4022\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4022"
        ],
        "name": "CVE-2015-4022",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
            "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied."
        ],
        "upstream_fix": "httpd 2.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3185\nhttp://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        ],
        "name": "CVE-2015-3185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1)."
        ],
        "upstream_fix": "cups 2.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18190\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18190"
        ],
        "name": "CVE-2017-18190",
        "mitigation": {
            "value": "Ensure that \"localhost.localdomain\" resolves to 127.0.0.1, for example by adding it to /etc/hosts. This is the default on Red Hat Enterprise Linux 7.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions."
        ],
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15705\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15705"
        ],
        "name": "CVE-2020-15705",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5840\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5840"
        ],
        "name": "CVE-2017-5840",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.",
            "A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate their privileges."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7 and Red Hat Enterprise MRG 2 and realtime kernels and may be addressed in a future update.\nThis has been rated as having Moderate security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Venkatesh Pottem (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8812\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8812"
        ],
        "name": "CVE-2015-8812",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1833\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1833"
        ],
        "name": "CVE-2016-1833",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18384\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18384"
        ],
        "name": "CVE-2018-18384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable name, as demonstrated by /var/tmp/abrt/abrt-hax-coredump or /var/spool/abrt/abrt-hax-coredump.",
            "It was discovered that the kernel-invoked coredump processor provided by ABRT did not handle symbolic links correctly when writing core dumps of ABRT programs to the ABRT dump directory (/var/spool/abrt). A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5287\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5287"
        ],
        "name": "CVE-2015-5287",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        ],
        "upstream_fix": "sqlite 3.31.0, chromium-browser 79.0.3945.79",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13734\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13734\nhttps://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2019-13734",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-12T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.",
            "A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication process repeatedly preventing login. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue.",
        "upstream_fix": "dovecot 2.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12674\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12674\nhttps://dovecot.org/pipermail/dovecot-news/2020-August/000443.html"
        ],
        "name": "CVE-2020-12674",
        "mitigation": {
            "value": "Upstream suggests that this flaw can be mitigated by disabling RPA (Remote Passphrase Authentication). RPA can be disabled by using the configuration parameter \"auth_mechanisms\". More details available at: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip."
        ],
        "statement": "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
        "upstream_fix": "bootstrap 4.1.2, bootstrap 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14042\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14042"
        ],
        "name": "CVE-2018-14042",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8686\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8686\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8686",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.",
            "A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (ability to restrict access to dma coherent memory on device initialization).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19059\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19059"
        ],
        "name": "CVE-2019-19059",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlwifi. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15854\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15854"
        ],
        "name": "CVE-2018-15854",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.",
            "A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application."
        ],
        "acknowledgement": "Red Hat would like to thank Stephane Chazelas for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0475\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0475"
        ],
        "name": "CVE-2014-0475",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference in the function ReadPANGOImage in coders/pango.c and the function ReadVIDImage in coders/vid.c in ImageMagick 7.0.8-34 allows remote attackers to cause a denial of service via a crafted image."
        ],
        "upstream_fix": "ImageMagick 6.9.10-35, ImageMagick 7.0.8-35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12974\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12974"
        ],
        "name": "CVE-2019-12974",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
        ],
        "upstream_fix": "jasper 1.900.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8883\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8883"
        ],
        "name": "CVE-2016-8883",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
            "A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances."
        ],
        "upstream_fix": "gnutls 3.4.15, gnutls 3.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7444\nhttps://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html\nhttps://www.gnutls.org/security.html"
        ],
        "name": "CVE-2016-7444",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
        ],
        "upstream_fix": "jasper 1.900.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9393\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9393"
        ],
        "name": "CVE-2016-9393",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->(CWE-125|CWE-787)",
        "details": [
            "The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.",
            "Multiple out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8098\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8098\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8098",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3901\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3901\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3901",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.",
            "A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1950\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1950\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-35"
        ],
        "name": "CVE-2016-1950",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
            "A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6601\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6601\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6601",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2964\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2964"
        ],
        "name": "CVE-2019-2964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-122",
        "details": [
            "WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597."
        ],
        "upstream_fix": "ImageMagick 6.9.10-43, ImageMagick 7.0.8-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15141\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15141"
        ],
        "name": "CVE-2019-15141",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
            "A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled."
        ],
        "statement": "This issue does not affect the version of openldap package as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the version of openldap package as shipped with Red Hat Enterprise Linux 8.",
        "acknowledgement": "This issue was discovered by Martin Poole (Red Hat Software Maintenance Engineering group).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3276\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3276"
        ],
        "name": "CVE-2015-3276",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",
            "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18017\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18017"
        ],
        "name": "CVE-2017-18017",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
            "A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "upstream_fix": "procps-ng 3.3.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1126\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        ],
        "name": "CVE-2018-1126",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "upstream_fix": "mariadb 10.3.9, mariadb 10.1.35, mariadb 5.5.61, mariadb 10.2.17, mariadb 10.0.36, mysql 5.7.23, mysql 5.6.41, mysql 5.5.61",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3066\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3066\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        ],
        "name": "CVE-2018-3066",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
        ],
        "upstream_fix": "dhcp 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6470\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6470\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
        ],
        "name": "CVE-2019-6470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the HIP dissector in Wireshark 1.12.x before 1.12.1 does not properly handle a NULL tree, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6426\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6426\nhttps://www.wireshark.org/security/wnpa-sec-2014-16.html"
        ],
        "name": "CVE-2014-6426",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-305",
        "details": [
            "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.",
            "It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as \"kad/x\") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9422\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9422\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9422",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16423\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16423\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805",
        "details": [
            "An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7225\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7225"
        ],
        "name": "CVE-2018-7225",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",
            "A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the \"noacl\" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-24394\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24394"
        ],
        "name": "CVE-2020-24394",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-05-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.",
            "A double-free memory corruption flaw was found in the Linux kernel HCI device initialization subsystem in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system."
        ],
        "statement": "The impact is Moderate because the double free happens during the flush procedure, and no incorrect data is used while the flush finishes, even if the double free occurs without a kernel crash.",
        "acknowledgement": "Red Hat would like to thank HaoXiong, LinMa (ckSec) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3564\nhttps://www.openwall.com/lists/oss-security/2021/05/25/1"
        ],
        "name": "CVE-2021-3564",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.",
            "A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory."
        ],
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13305\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13305"
        ],
        "name": "CVE-2017-13305",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8679\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8679\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8679",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",
            "A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3119"
        ],
        "name": "CVE-2016-3119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-862|CWE-306)",
        "details": [
            "When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2."
        ],
        "upstream_fix": "Firefox 68.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11733\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11733\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-24/"
        ],
        "name": "CVE-2019-11733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8812\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8812",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.",
            "A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process."
        ],
        "upstream_fix": "samba 4.4.8, samba 4.5.3, samba 4.3.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2126\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2126\nhttps://www.samba.org/samba/security/CVE-2016-2126.html"
        ],
        "name": "CVE-2016-2126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6764\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6764"
        ],
        "name": "CVE-2018-6764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.",
            "A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and will be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9555\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9555"
        ],
        "name": "CVE-2016-9555",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.",
            "It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15649\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15649"
        ],
        "name": "CVE-2017-15649",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.",
            "The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
        ],
        "statement": "If you're not running container images, or creating net namespaces exposed to potentially malicious workloads, this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.",
        "acknowledgement": "Red Hat would like to thank Christian Brauner for reporting this issue.",
        "upstream_fix": "kernel 4.15-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14646"
        ],
        "name": "CVE-2018-14646",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8130\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8130"
        ],
        "name": "CVE-2014-8130",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
        ],
        "upstream_fix": "squid 4.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12525\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12525\nhttp://www.squid-cache.org/Advisories/SQUID-2019_3.txt"
        ],
        "name": "CVE-2019-12525",
        "mitigation": {
            "value": "Remove 'auth_param digest ...' configuration settings from squid.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-119",
        "details": [
            "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.",
            "A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon."
        ],
        "acknowledgement": "Red Hat would like to thank Rainer Gerhards (rsyslog upstream) for reporting this issue.",
        "upstream_fix": "rsyslog 8.4.1, rsyslog 7.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3634\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3634\nhttp://www.rsyslog.com/remote-syslog-pri-vulnerability/"
        ],
        "name": "CVE-2014-3634",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
        ],
        "upstream_fix": "jasper 1.900.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9392\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9392"
        ],
        "name": "CVE-2016-9392",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.",
            "A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user (\"root\") to achieve an out-of-bounds write and thus receiving user space buffer corruption."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9516\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9516"
        ],
        "name": "CVE-2018-9516",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-26T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.",
            "A heap-based buffer overflow, when processing chunked encoded HTTP responses, was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code."
        ],
        "statement": "This issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank the GNU Wget project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13090\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13090\nhttps://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html"
        ],
        "name": "CVE-2017-13090",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().",
            "A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7, realtime, MRG-2 prior to version kernel-3.10.0-781.\nThe kernel-alt package already as shipped contains this fix.",
        "acknowledgement": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15126\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15126"
        ],
        "name": "CVE-2017-15126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs."
        ],
        "upstream_fix": "libxml2 2.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19956\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19956"
        ],
        "name": "CVE-2019-19956",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3855\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3855\nhttps://www.libssh2.org/CVE-2019-3855.html"
        ],
        "name": "CVE-2019-3855",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
            "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. A call to the alloc_workqueue return was not validated and causes a denial of service at the time of failure. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16231\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16231\nhttps://lkml.org/lkml/2019/9/9/487\nhttps://security.netapp.com/advisory/ntap-20191004-0001/"
        ],
        "name": "CVE-2019-16231",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2655\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2655"
        ],
        "name": "CVE-2020-2655",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.",
            "An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper as the original reporter.",
        "upstream_fix": "openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.1m, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0287\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0287\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0287",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 10.0.21, mariadb 5.5.45, mysql 5.5.45, mysql 5.6.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4819\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4819\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4819",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-125)",
        "details": [
            "The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.",
            "A heap-based buffer overflow flaw was found in the way grep processed certain pattern and text combinations. An attacker able to trick a user into running grep on specially crafted input could use this flaw to crash grep or, potentially, read from uninitialized memory."
        ],
        "statement": "This issue did not affect versions of grep as shipped in Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1345\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1345"
        ],
        "name": "CVE-2015-1345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.",
            "A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more than 16(2^4) or 256(2^8) colors."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12181\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12181"
        ],
        "name": "CVE-2018-12181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.",
            "A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs."
        ],
        "statement": "Intel plans to release BIOS firmware to correct this issue. Red Hat's kernel update should mitigate this vulnerability. Some older hardware will not have BIOS firmware update and will rely on operating system level protection to prevent access while the device is in low-power states. For more information see https://access.redhat.com/solutions/i915-graphics",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0154\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0154\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
        ],
        "name": "CVE-2019-0154",
        "mitigation": {
            "value": "Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system however the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly.  This mitigation may not be suitable if running graphical tools locally is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).",
            "It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool."
        ],
        "upstream_fix": "mariadb 5.5.53, mariadb 10.0.28, mariadb 10.1.19, mysql 5.7.18, mysql 5.5.55, mysql 5.6.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3600\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3600\nhttps://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/\nhttps://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/"
        ],
        "name": "CVE-2017-3600",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Gem::GemcutterUtilities#with_response may output the API response to stdout as it is. Therefore, if the API side modifies the response, escape sequence injection may occur."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8323\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8323"
        ],
        "name": "CVE-2019-8323",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5202\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5202"
        ],
        "name": "CVE-2017-5202",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4221\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4221\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4221",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
            "A use-after-free flaw was found in qfq_dequeue and agg_dequeue in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4921\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4921\nhttps://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8"
        ],
        "name": "CVE-2023-4921",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278  \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Plaintext of decrypted emails can leak through by user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5185\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5185\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185"
        ],
        "name": "CVE-2018-5185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this issue also exists in the upstream libnl before 3.3.0 library.",
            "An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0553\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0553"
        ],
        "name": "CVE-2017-0553",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3864\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3864\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.",
            "A heap-based buffer overflow was discovered in ImageMagick in the way it parses images when using the evaluate-sequence option. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13307\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13307"
        ],
        "name": "CVE-2019-13307",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.",
            "A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table)."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2069\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2069\nhttp://seclists.org/oss-sec/2016/q1/194"
        ],
        "name": "CVE-2016-2069",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5341\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5341"
        ],
        "name": "CVE-2017-5341",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.",
            "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13405\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13405"
        ],
        "name": "CVE-2018-13405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as there is no user namespace support in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Eric W. Biederman (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4581\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4581"
        ],
        "name": "CVE-2016-4581",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-393",
        "details": [
            "arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.",
            "A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2830"
        ],
        "name": "CVE-2015-2830",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
        "acknowledgement": "Red Hat would like to thank Hosein Askari for reporting this issue.",
        "upstream_fix": "poppler 0.67.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13988\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13988"
        ],
        "name": "CVE-2018-13988",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePDBImage in coders/pdb.c."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.9-40, ImageMagick 7.0.7-29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17966\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17966"
        ],
        "name": "CVE-2018-17966",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8563\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8563"
        ],
        "name": "CVE-2019-8563",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7664\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7664"
        ],
        "name": "CVE-2019-7664",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a \"--\" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.",
            "It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program."
        ],
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000083\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000083"
        ],
        "name": "CVE-2017-1000083",
        "mitigation": {
            "value": "- Disabling evince-thumbnailer to render icons will reduce the attack surface (removing /usr/share/thumbnailers/evince.thumbnailer).\n- SELinux in enforcing mode partially restricts evince-thumbnailer.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.",
            "A shell command injection flaw related to the handling of \"ssh\" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a \"clone\" action on a malicious repository or a legitimate repository containing a malicious commit."
        ],
        "upstream_fix": "git 2.7.6, git 2.13.5, git 2.10.4, git 2.8.6, git 2.11.3, git 2.12.4, git 2.9.5, git 2.14.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000117\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000117\nhttp://blog.recurity-labs.com/2017-08-10/scm-vulns\nhttps://lkml.org/lkml/2017/8/10/757"
        ],
        "name": "CVE-2017-1000117",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.",
            "A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures."
        ],
        "statement": "This flaw is rated as having Moderate impact because the information leak is limited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8647\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8647"
        ],
        "name": "CVE-2020-8647",
        "mitigation": {
            "value": "The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console.\nSee the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files (see the section on \"pam_console\" to deny users logging into the console). This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3261\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3261"
        ],
        "name": "CVE-2017-3261",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.",
            "An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code where the flaw was found is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7294\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7294"
        ],
        "name": "CVE-2017-7294",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3480\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3480"
        ],
        "name": "CVE-2014-3480",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208.  Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
            "This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128."
        ],
        "statement": "All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4128\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4128\nhttps://access.redhat.com/security/cve/CVE-2023-4206\nhttps://access.redhat.com/security/cve/CVE-2023-4207\nhttps://access.redhat.com/security/cve/CVE-2023-4208"
        ],
        "name": "CVE-2023-4128",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate hashtables for a media channel, which allows remote attackers to cause a denial of service (application crash) via a crafted packet to the RTP dissector."
        ],
        "upstream_fix": "wireshark 1.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6422\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6422\nhttps://www.wireshark.org/security/wnpa-sec-2014-12.html"
        ],
        "name": "CVE-2014-6422",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "There is a heap-based buffer overflow in the Marvell wifi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.",
            "A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAP_NET_ADMIN or administrative privileges to possibly cause a denial of service (DoS) by corrupting memory, and possibly execute code."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14814\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
        ],
        "name": "CVE-2019-14814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802."
        ],
        "upstream_fix": "mariadb 5.5.46, mariadb 10.0.22, mariadb 10.1.8, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4792\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4792\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4792",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-36, ImageMagick 6.9.10-36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16710\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16710"
        ],
        "name": "CVE-2019-16710",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-59->CWE-282",
        "details": [
            "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enabled (permissive or enforcing). The issue was found in policycoreutils 2.5-11.",
            "Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enabled (permissive or enforcing)."
        ],
        "acknowledgement": "This issue was discovered by Renaud Métrich (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1063\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1063"
        ],
        "name": "CVE-2018-1063",
        "mitigation": {
            "value": "Remove any symbolic links from /tmp and /var/tmp directories before relabeling the file system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-787",
        "details": [
            "In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
            "A flaw was found in the USB monitor driver of the Linux kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges."
        ],
        "statement": "This issue is rated as having Low impact because of the need of physical access and debugfs mounted.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9456\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9456"
        ],
        "name": "CVE-2019-9456",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.",
            "An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1789\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1789"
        ],
        "name": "CVE-2015-1789",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.",
            "An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL."
        ],
        "statement": "It is not possible to reproduce the open redirect vulnerability in the versions of mod_auth_openidc as shipped in Red Hat Enterprise Linux 7, as a missing check makes the process crash, due to a NULL pointer dereference, instead of letting it continue with an invalid URL.",
        "upstream_fix": "mod_auth_openidc 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20479\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20479"
        ],
        "name": "CVE-2019-20479",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
        ],
        "statement": "In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP mysql package.",
        "upstream_fix": "mariadb 10.3.19, mariadb 10.1.42, mariadb 10.2.28, mariadb 5.5.66, mariadb 10.4.9, mysql 8.0.20, mysql 5.7.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2144\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2144\nhttps://www.oracle.com/security-alerts/cpuapr2021.html#AppendixMSQL"
        ],
        "name": "CVE-2021-2144",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",
            "A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, JBoss Enterprise Web Server 1 and 2, and JBoss Application Platform 6.",
        "upstream_fix": "httpd 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3581\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3581"
        ],
        "name": "CVE-2014-3581",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c, parse_codes(), realloc(rar->lzss.window, new_size) with new_size = 0 that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted RAR archive."
        ],
        "statement": "This issue affects the versions of libarchive as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000877\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000877"
        ],
        "name": "CVE-2018-1000877",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-250",
        "details": [
            "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "A flaw was found in the Linux kernel's implementation of GVT-g which allowed an attacker with access to a 'passed through' Intel i915 graphics card to possibly access resources allocated to other virtual machines, crash the host, or possibly corrupt memory leading to privilege escalation."
        ],
        "upstream_fix": "kernel 5.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11085\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11085\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html"
        ],
        "name": "CVE-2019-11085",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
            "A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "statement": "For the Red Hat Enterprise Linux default configuration, the issue occurs only if a local user is running malicious code on GPU. The GPU is used and the user is required to have privileges to access the i915 Intel GPU.",
        "upstream_fix": "kernel 5.17-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0330\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0330\nhttps://www.openwall.com/lists/oss-security/2022/01/25/12"
        ],
        "name": "CVE-2022-0330",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
            "A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zürich) and Kaveh Razavi (ETH Zürich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29900\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29900\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-29900",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.",
            "A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding requests, or exhaust system sockets (denial of service)."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "dhcp 4.1-ESV-R13, dhcp 4.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2774\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2774\nhttps://kb.isc.org/article/AA-01354"
        ],
        "name": "CVE-2016-2774",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service."
        ],
        "upstream_fix": "ImageMagick 7.0.6-6, ImageMagick 6.9.9-6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12805\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12805"
        ],
        "name": "CVE-2017-12805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.",
            "A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3901\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3901"
        ],
        "name": "CVE-2019-3901",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-454",
        "details": [
            "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.",
            "It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2922\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2922"
        ],
        "name": "CVE-2015-2922",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options."
        ],
        "upstream_fix": "mariadb 10.0.23, mariadb 10.1.10, mariadb 5.5.47, mysql 5.5.47, mysql 5.7.10, mysql 5.6.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0505\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0505\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0505",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.",
            "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10928\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10928"
        ],
        "name": "CVE-2018-10928",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
            "A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15436\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15436"
        ],
        "name": "CVE-2020-15436",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.",
            "A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable."
        ],
        "upstream_fix": "glibc 2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19126\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19126"
        ],
        "name": "CVE-2019-19126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.",
            "A flaw was found in the way Bundler handled gems available from multiple sources. An attacker with access to one of the sources could create a malicious gem with the same name, which they could then use to trick a user into installing, potentially resulting in execution of code from the attacker-supplied malicious gem."
        ],
        "upstream_fix": "Bundler 1.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-0334\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0334\nhttp://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html"
        ],
        "name": "CVE-2013-0334",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7643\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7643"
        ],
        "name": "CVE-2018-7643",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.",
            "The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping."
        ],
        "upstream_fix": "kernel 4.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18208\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18208\nhttps://lwn.net/Articles/618064/\nhttps://www.kernel.org/doc/Documentation/filesystems/dax.txt"
        ],
        "name": "CVE-2017-18208",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.",
            "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5542\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5542\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5542",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12767\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12767"
        ],
        "name": "CVE-2020-12767",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5848\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5848"
        ],
        "name": "CVE-2017-5848",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2432\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2432\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2432",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.",
            "It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Marco Grassi for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8645\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8645"
        ],
        "name": "CVE-2016-8645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string."
        ],
        "upstream_fix": "glibc 2.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15670\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15670"
        ],
        "name": "CVE-2017-15670",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
            "An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be  addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11478\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11478\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "name": "CVE-2019-11478",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a \"type confusion\" issue."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2728\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2728\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-61.html"
        ],
        "name": "CVE-2015-2728",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.",
            "An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances."
        ],
        "upstream_fix": "bash 4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7543\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7543"
        ],
        "name": "CVE-2016-7543",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2815\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2815"
        ],
        "name": "CVE-2018-2815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.",
            "Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7541\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7541"
        ],
        "name": "CVE-2017-7541",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
            "A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for the TC flower classifier.",
        "upstream_fix": "kernel 6.4-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-35788\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35788\nhttps://www.openwall.com/lists/oss-security/2023/06/07/1"
        ],
        "name": "CVE-2023-35788",
        "mitigation": {
            "value": "This flaw can be mitigated by preventing the affected `cls_flower` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0797\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-47.html"
        ],
        "name": "CVE-2015-0797",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-250|CWE-122)",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.",
            "A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27365\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27365\nhttps://www.openwall.com/lists/oss-security/2021/03/06/1"
        ],
        "name": "CVE-2021-27365",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n~~~\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\n~~~\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.",
            "A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Emil Lenngren as the original reporter.",
        "upstream_fix": "postgresql 9.3.6, postgresql 9.2.10, postgresql 9.0.19, postgresql 9.4.1, postgresql 9.1.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0244\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0244",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.",
            "A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tim Taubert as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1979\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1979\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-36"
        ],
        "name": "CVE-2016-1979",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4475\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4475\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-80.html"
        ],
        "name": "CVE-2015-4475",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges CESG (the Information Security Arm of GCHQ) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2808\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2808\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-47.html"
        ],
        "name": "CVE-2016-2808",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-384",
        "details": [
            "When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.",
            "It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity."
        ],
        "statement": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
        "upstream_fix": "tomcat 9.0.30, tomcat 8.5.50, tomcat 7.0.99",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17563\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17563\nhttp://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        ],
        "name": "CVE-2019-17563",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it doesn't provide support for AUTH chunks.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. This issue has been fixed in Red Hat Enterprise MRG via RHSA-2014:1083.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5077\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5077"
        ],
        "name": "CVE-2014-5077",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
            "An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on a the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000199"
        ],
        "name": "CVE-2018-1000199",
        "mitigation": {
            "value": "To mitigate this issue:\n1) Save the following script in a 'CVE-2018-1000199.stp' file.\n---\nprobe kernel.function(\"ptrace_set_debugreg\") {\nif ($n < 4)\n$n = 4; /* set invalid debug register #, returns -EIO */\n}\nprobe begin {\nprintk(0, \"CVE-2018-1000199 mitigation loaded\")\n}\nprobe end {\nprintk(0, \"CVE-2018-1000199 mitigation unloaded\")\n}\n---\n2)  Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo  kernel-debuginfo-common\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2018_1000199.ko",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tom Tung and Karl Tomlinson as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12410\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        ],
        "name": "CVE-2020-12410",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16419\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16419\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16419",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-01-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN."
        ],
        "statement": "This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5, and 6.",
        "acknowledgement": "Red Hat would like to thank GnuTLS upstream for reporting this issue.",
        "upstream_fix": "gnutls 3.1.20, gnutls 3.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3465\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3465"
        ],
        "name": "CVE-2014-3465",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.",
            "The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is  currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9084\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9084"
        ],
        "name": "CVE-2016-9084",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."
        ],
        "upstream_fix": "jasper 1.900.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9394\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9394"
        ],
        "name": "CVE-2016-9394",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the SyncImageSettings function in MagickCore/image.c. This is related to AcquireImage in magick/image.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-35, ImageMagick 6.9.10-35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12979\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12979"
        ],
        "name": "CVE-2019-12979",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a buffer stored on the memory stack. This could allow an attacker to execute arbitrary code or lead to a crash. This flaw can be exploited over the network."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11759\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11759\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759"
        ],
        "name": "CVE-2019-11759",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges R (Zero Day LLC) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18498\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18498\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498"
        ],
        "name": "CVE-2018-18498",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2427\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2427\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2427",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function includeFile() in compileTranslationTable.c, that will lead to a remote denial of service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13742\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13742"
        ],
        "name": "CVE-2017-13742",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19607\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19607"
        ],
        "name": "CVE-2018-19607",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avoid a buffer over-read."
        ],
        "upstream_fix": "wireshark 2.4.8, wireshark 2.6.2, wireshark 2.2.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14340\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14340\nhttps://www.wireshark.org/security/wnpa-sec-2018-36.html"
        ],
        "name": "CVE-2018-14340",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15863\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15863"
        ],
        "name": "CVE-2018-15863",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7317\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7317"
        ],
        "name": "CVE-2019-7317",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected."
        ],
        "acknowledgement": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue.",
        "upstream_fix": "jasper 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8654\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8654"
        ],
        "name": "CVE-2016-8654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.",
            "An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands."
        ],
        "upstream_fix": "nautilus 3.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14604\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14604"
        ],
        "name": "CVE-2017-14604",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1964\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1964\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-27.html"
        ],
        "name": "CVE-2016-1964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "acknowledgement": "This issue was discovered by Martin Žember (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3182\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3182"
        ],
        "name": "CVE-2015-3182",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-121",
        "details": [
            "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.",
            "A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the NTP project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "ntp 4.2.8p10, ntp 4.3.94",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6462\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6462"
        ],
        "name": "CVE-2017-6462",
        "mitigation": {
            "value": "Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication."
        ],
        "statement": "This issue affects the versions of uriparser as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "uriparser 0.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19199"
        ],
        "name": "CVE-2018-19199",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",
            "Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash."
        ],
        "upstream_fix": "php 5.5.24, php 5.6.8, php 5.4.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4599\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4599"
        ],
        "name": "CVE-2015-4599",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.",
            "It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes."
        ],
        "statement": "This vulnerability affects gluster servers that use 'auth.allow' to restrict access to gluster volumes. Gluster servers using TLS to authenticate gluster clients are not affected by this. This vulnerability allows any client to connect to any gluster volume which only uses auth.allow to restrict access.\nThis issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7 because only gluster client is shipped in these products. CVE-2018-1112 affects glusterfs-server package as shipped with Red Hat Gluster Storage 3.",
        "upstream_fix": "glusterfs 3.10.12, glusterfs 4.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1112\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1112\nhttps://access.redhat.com/articles/3422521"
        ],
        "csaw": true,
        "name": "CVE-2018-1112",
        "mitigation": {
            "value": "1. Use TLS Authentication to authenticate gluster clients to limit access to gluster storage volumes\n2. The gluster server should be on LAN, firewalled to trusted systems, and not reachable from public networks.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2725\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2725\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.html"
        ],
        "name": "CVE-2015-2725",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.",
            "An argument order confusion flaw was found in the SQLWriteFileDSN API of unixODBC. This could only be exploited via a malicious ODBC database connector package with the maximum impact being a denial of service."
        ],
        "upstream_fix": "unixODBC 2.3.6pre",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7485\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7485"
        ],
        "name": "CVE-2018-7485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.",
            "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.\nfs",
        "acknowledgement": "Red Hat would like to thank Takeshi Nishimura (NEC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7495\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7495\nhttp://seclists.org/oss-sec/2017/q2/259\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824"
        ],
        "name": "CVE-2017-7495",
        "mitigation": {
            "value": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
            "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6797\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6797",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.67, mariadb 10.4.12, mariadb 10.3.22, mariadb 10.2.31, mariadb 10.1.44, mariadb-connector-c 3.1.7, mysql 5.6.47, mysql 5.7.29, mysql 8.0.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2574\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2574\nhttps://www.oracle.com/security-alerts/cpujan2020.html"
        ],
        "name": "CVE-2020-2574",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",
            "Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2177\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2177\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2177",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5272\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5272\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5272",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10805\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10805"
        ],
        "name": "CVE-2018-10805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.",
            "A buffer overflow flaw was found in the unicode_to_ansi_copy() function of unixODBC. This overflow is not directly controllable by an attacker making the maximum potential impact a crash or denial of service."
        ],
        "upstream_fix": "unixODBC 2.3.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7409\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7409"
        ],
        "name": "CVE-2018-7409",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.",
            "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Dmitry Vyukov (Google Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2596\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2596"
        ],
        "name": "CVE-2017-2596",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-628->(CWE-835|CWE-330)",
        "details": [
            "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.",
            "A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3405\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3405"
        ],
        "name": "CVE-2015-3405",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The audiofile Audio File Library 0.3.6 has a NULL pointer dereference bug in ModuleState::setup in modules/ModuleState.cpp, which allows an attacker to cause a denial of service via a crafted caf file, as demonstrated by sfconvert."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13440\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13440"
        ],
        "name": "CVE-2018-13440",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5429\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5429\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5429"
        ],
        "name": "CVE-2017-5429",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field.",
            "It was found that libuser, as used by the chfn userhelper functionality, did not properly filter out newline characters in GECOS fields. A local, authenticated user could use this flaw to corrupt the /etc/passwd file, resulting in a denial-of-service on the system."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3245\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3245\nhttps://access.redhat.com/articles/1537873"
        ],
        "name": "CVE-2015-3245",
        "mitigation": {
            "value": "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality.  With these edits, the files should contain:\n#%PAM-1.0\nauth       sufficient   pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth       include      system-auth\naccount    include      system-auth\npassword   include      system-auth\nsession    include      system-auth\nAfterwards, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16749\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16749"
        ],
        "name": "CVE-2018-16749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c."
        ],
        "upstream_fix": "GraphicsMagick 1.3.31, ImageMagick 6.9.10-43, ImageMagick 7.0.8-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15140\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15140"
        ],
        "name": "CVE-2019-15140",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled.",
            "A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time."
        ],
        "upstream_fix": "ntp 4.2.8p7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1547\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1547\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\nhttp://www.talosintel.com/reports/TALOS-2016-0081/"
        ],
        "name": "CVE-2016-1547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.0.32, mariadb 5.5.57, mariadb 10.1.26, mariadb 10.2.8, mysql 5.7.20, mysql 5.6.38, mysql 5.5.58",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10379\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10379\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL"
        ],
        "name": "CVE-2017-10379",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.",
            "The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "upstream_fix": "kernel 4.2-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8956\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8956"
        ],
        "name": "CVE-2015-8956",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",
            "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
        ],
        "statement": "This bind flaw can be exploited by a remote attacker (AV:N) by opening large number of  simultaneous TCP client connections with the server. No special exploit code is required apart from the ability to open large number of TCP connections simultaneously either from one attacker machine or via some distributed attacker network (AC:L and PR:L). No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. Also in cases where named process is not limited by OS-enforced per-process limits, this could cause exhaustion of available free file descriptors on the system running the named server causing denial of service for other processes running on that machine (S:C).",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges AT&T as the original reporter.",
        "upstream_fix": "bind 9.11.7, bind 9.11.6-P1, bind 9.14.1, bind 9.12.4-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5743\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5743\nhttps://kb.isc.org/docs/cve-2018-5743"
        ],
        "name": "CVE-2018-5743",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.",
            "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser."
        ],
        "statement": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim's browser.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10146\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10146"
        ],
        "name": "CVE-2019-10146",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.",
            "An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4998\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4998"
        ],
        "name": "CVE-2016-4998",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.",
            "A use-after-free vulnerability was discovered in libarchive in the way it processes RAR archives when there is an error in one of the archive's entries. An application that accepts untrusted RAR archives may be vulnerable to this flaw, which could allow a remote attacker to cause a denial of service or to potentially execute code."
        ],
        "statement": "This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6 as they did not include support for RAR archives.",
        "upstream_fix": "libarchive 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18408\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18408"
        ],
        "name": "CVE-2019-18408",
        "mitigation": {
            "value": "No known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.",
            "An out-of-bounds memory write flaw was found in the way shim processed certain Machine Owner Keys (MOKs). A local attacker could potentially use this flaw to execute arbitrary code on the system."
        ],
        "acknowledgement": "Red Hat would like to thank SUSE Security Team for reporting this issue.",
        "upstream_fix": "shim-0.7 8.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3677\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3677"
        ],
        "name": "CVE-2014-3677",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-20T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.",
            "A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fulled into giving the information of a different host to the client. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as the vulnerable version of git, version 1.7.9-rc0 and later, was never made available for this product.",
        "acknowledgement": "Red Hat would like to thank the Git project for reporting this issue. Upstream acknowledges Carlo Arenas as the original reporter.",
        "upstream_fix": "git 2.25.4, git 2.18.4, git 2.24.3, git 2.21.3, git 2.23.3, git 2.26.2, git 2.20.4, git 2.22.4, git 2.19.5, git 2.17.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11008\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11008\nhttps://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7\nhttps://lore.kernel.org/git/xmqq4kterq5s.fsf@gitster.c.googlers.com/"
        ],
        "name": "CVE-2020-11008",
        "mitigation": {
            "value": "The most complete workaround is to disable credential helpers altogether:\n~~~\ngit config --unset credential.helper\ngit config --global --unset credential.helper\ngit config --system --unset credential.helper\n~~~\nAn alternative is to avoid malicious URLs:\n1. Examine the hostname and username portion of URLs fed to git clone or git fetch for the presence of encoded newlines (%0A) or syntactic oddities (e.g., http:///host with three slashes).\n2. Avoid using submodules with untrusted repositories (don't use git clone --recurse-submodules; use git submodule update only after examining the URLs found in .gitmodules).\n3. Avoid tools which may run git clone on untrusted URLs under the hood.\n4. Avoid using the credential helper by only cloning publicly available repositories.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.",
            "A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to \"0\". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6054\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6054"
        ],
        "name": "CVE-2014-6054",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.",
            "A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27363\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27363\nhttps://www.openwall.com/lists/oss-security/2021/03/06/1"
        ],
        "name": "CVE-2021-27363",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-25T12:53:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.",
            "There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
        ],
        "statement": "This issue is rated as having Low impact as there is a need for high privilege access to trigger this problem. This will need an access to /dev/ptpX which is privileged operation, also removing the module is needed (again, privileged operation).",
        "upstream_fix": "kernel 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10690\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10690"
        ],
        "name": "CVE-2020-10690",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.",
            "The ntpq and ntpdc command-line utilities that are part of ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12327\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12327"
        ],
        "name": "CVE-2018-12327",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Mateusz Guzik (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0206\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0206"
        ],
        "name": "CVE-2014-0206",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "There is an illegal address access in the function _lou_getALine() in compileTranslationTable.c:343 in Liblouis 3.2.0."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13744\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13744"
        ],
        "name": "CVE-2017-13744",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.",
            "A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20856"
        ],
        "name": "CVE-2018-20856",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0831\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0831\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-16"
        ],
        "name": "CVE-2015-0831",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.",
            "A heap-based buffer overflow was discovered in ImageMagick in the way it applies a value with arithmetic, relational, or logical operators to an image due to mishandling columns. Applications compiled against ImageMagick libraries that accept untrustworthy images and use the evaluate-sequence option or function EvaluateImages may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code."
        ],
        "upstream_fix": "ImageMagick 6.9.10-50, ImageMagick 7.0.8-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13300\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13300"
        ],
        "name": "CVE-2019-13300",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5442\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5442\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5442"
        ],
        "name": "CVE-2017-5442",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10356\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10356"
        ],
        "name": "CVE-2017-10356",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-476",
        "details": [
            "An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file."
        ],
        "statement": "This issue affects the versions of advancecomp as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8379\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8379"
        ],
        "name": "CVE-2019-8379",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.",
            "It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys."
        ],
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "upstream_fix": "ipa 4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2590"
        ],
        "name": "CVE-2017-2590",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.",
            "A flaw was found in the way the rx_queue_add_kobject and netdev_queue_add_kobject functions in the Linux kernel handled refcounting of certain objects. This flaw allows a local user who can trigger the error code path to use this vulnerability to disturb the integrity of the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error code path (privileges).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20811\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e"
        ],
        "name": "CVE-2019-20811",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred",
            "A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because of the preconditions needed to trigger the resource cleanup code path.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19055\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19055"
        ],
        "name": "CVE-2019-19055",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "Memory safety flaws were found in Mozilla Firefox and Thunderbird. Memory corruption that an attacker could leverage with enough effort, could allow arbitrary code to run. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexandru Michis, André Bargull, Bas Schouten, Jason Kratzer, Karl Tomlinson, Ted Campbell, and philipp as the original reporters.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12395\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12395\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395"
        ],
        "name": "CVE-2020-12395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-21T21:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ken Johnson (Microsoft Security Response Center) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3639\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3639\nhttps://access.redhat.com/security/vulnerabilities/ssbd\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1528\nhttps://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf\nhttps://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        ],
        "csaw": true,
        "name": "CVE-2018-3639"
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."
        ],
        "statement": "This vulnerability is present in versions of perl included with Red Hat Virtualization Hypervisor and Management Appliance, however it is not exposed in any meaningful way. Perl is only included in these images as a dependency of components which do not manipulate ENV, and are not exposed to user input. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.",
        "upstream_fix": "perl 5.29.1, perl 5.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18311"
        ],
        "name": "CVE-2018-18311",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.",
            "Multiple insecure temporary file use issues were found in the way the Hotspot component in OpenJDK created performance statistics and error log files. A local attacker could possibly make a victim using OpenJDK overwrite arbitrary files using a symlink attack."
        ],
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0383\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0383\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0383",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not validate bitmask data, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
        ],
        "upstream_fix": "wireshark 1.12.1, wireshark 1.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6430\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6430\nhttps://www.wireshark.org/security/wnpa-sec-2014-19.html"
        ],
        "name": "CVE-2014-6430",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2773\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2773"
        ],
        "name": "CVE-2020-2773",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value."
        ],
        "upstream_fix": "jasper 1.900.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10251\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10251"
        ],
        "name": "CVE-2016-10251",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29457. Reason: This candidate is a duplicate of CVE-2021-29457. Notes: All CVE users should reference CVE-2021-29457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
            "A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "exiv2 0.27.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-31291\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-31291"
        ],
        "name": "CVE-2021-31291",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.",
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15097\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15097"
        ],
        "name": "CVE-2017-15097",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.",
            "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9635\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9635\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
        ],
        "name": "CVE-2016-9635",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nFor RHEL 5 and RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667->CWE-662",
        "details": [
            "An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.",
            "A denial-of-service (DoS) flaw was identified  in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem."
        ],
        "upstream_fix": "kernel 5.12 rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29650\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29650\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=175e476b8cdf2a4de7432583b49c871345e4f8a1"
        ],
        "name": "CVE-2021-29650",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.",
            "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.2g, openssl 1.0.1s",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0800\nhttps://access.redhat.com/articles/2176731\nhttps://www.drownattack.com/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0800"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-476",
        "details": [
            "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.",
            "A vulnerability was found in libarchive.  A specially crafted 7Z file could trigger a NULL pointer dereference, causing the application to crash."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8922\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8922"
        ],
        "name": "CVE-2015-8922",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2949\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2949"
        ],
        "name": "CVE-2019-2949",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-835",
        "details": [
            "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
            "An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and does not qualify for inclusion as part of the Red Hat Enterprise Linux 5 lifecycle. For more information on the lifecycle see https://access.redhat.com/support/policy/updates/errata",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7542\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7542"
        ],
        "name": "CVE-2017-7542",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5447\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5447\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5447"
        ],
        "name": "CVE-2017-5447",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the \"dead\" type.",
            "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the \"dead\" key type."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6951\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6951"
        ],
        "name": "CVE-2017-6951",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-05T16:45:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.",
            "A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "upstream_fix": "Linux kernel version 5.9-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14314\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14314\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1\nhttps://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u"
        ],
        "name": "CVE-2020-14314",
        "mitigation": {
            "value": "If any directories of the partition (or image) are broken, the command \"e2fsck -Df .../partition-name\" fixes it.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.",
            "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12403\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12403\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        ],
        "name": "CVE-2020-12403",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40982\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40982\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
        ],
        "name": "CVE-2022-40982",
        "mitigation": {
            "value": "The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write leads to an NFS client crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.",
            "A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write leads to an NFS client crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10742\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10742"
        ],
        "name": "CVE-2020-10742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7974\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7974"
        ],
        "name": "CVE-2016-7974",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8822\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8822\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted image file.",
            "A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service."
        ],
        "upstream_fix": "php 7.0.15, php 7.1.1, php 5.6.30, gd 2.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10167\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10167"
        ],
        "name": "CVE-2016-10167",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Xiaofeng Zheng as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8639\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8639\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-04.html"
        ],
        "name": "CVE-2014-8639",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10198"
        ],
        "name": "CVE-2017-10198",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2739\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2739\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3899\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3899\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3899",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-732|CWE-522)",
        "details": [
            "virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.",
            "It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file."
        ],
        "acknowledgement": "Red Hat would like to thank Sal Castiglione for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0189\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0189"
        ],
        "name": "CVE-2014-0189",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2989\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2989"
        ],
        "name": "CVE-2019-2989",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE, __ip_append_data() calls ip_ufo_append_data() to append. However, in between two send() calls, the append path can be switched from the UFO to the non-UFO one, which leads to a memory corruption. In case the UFO packet length exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.",
            "An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building a UFO packet with the MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrey Konovalov for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000112\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000112"
        ],
        "name": "CVE-2017-1000112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.",
            "A memory leak flaw was found in the way OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server."
        ],
        "statement": "This issue does not affect the version of openssl shipped with Red Hat Enterprise Linux 5; Red Hat JBoss Enterprise Application Server 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 because openssl-0.9.8e does not include support for session tickets.",
        "upstream_fix": "openssl 1.0.1j, openssl 0.9.8zc, openssl 1.0.0o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3567\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3567\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3567",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet."
        ],
        "statement": "This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "Wireshark 1.10.13, Wireshark 1.12.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2189\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2189"
        ],
        "name": "CVE-2015-2189",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
            "An assertion error has been reported in graphite2. An attacker could possibly exploit this flaw to cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7775\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7775\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-297",
        "details": [
            "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.",
            "It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate."
        ],
        "statement": "This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "squid 3.2.14, squid 3.5.4, squid 3.3.14, squid 3.4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3455\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3455\nhttp://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
        ],
        "name": "CVE-2015-3455",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-09T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26373\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26373\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html"
        ],
        "name": "CVE-2022-26373",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.",
            "It was discovered that the Tomcat packages installed the configuration file /usr/lib/tmpfiles.d/tomcat.conf as writeable by the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5425\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5425\nhttp://legalhackers.com/advisories/Tomcat-RedHat-based-Root-Privilege-Escalation-Exploit.txt"
        ],
        "name": "CVE-2016-5425",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8707\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8707",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7818\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7818\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818"
        ],
        "name": "CVE-2017-7818",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.64, mariadb 10.2.24, mariadb 10.4.5, mariadb 10.3.15, mariadb 10.1.39, mysql 5.6.44, mysql 5.7.26, mysql 8.0.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2627\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2627\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        ],
        "name": "CVE-2019-2627",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-416|CWE-119)",
        "details": [
            "Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1538\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1538\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-49.html"
        ],
        "name": "CVE-2014-1538",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            "A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2816"
        ],
        "name": "CVE-2020-2816",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7970\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7970"
        ],
        "name": "CVE-2014-7970",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2708\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2708\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-46.html"
        ],
        "name": "CVE-2015-2708",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nManipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcin 'Icewall' Noga (Cisco Talos) as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12418\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418"
        ],
        "name": "CVE-2020-12418",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0."
        ],
        "statement": "Although this flaw affects versions of freerdp shipped with Red Hat Enterprise Linux 7 and 8, Red Hat Product Security views this flaw as having low impact because it only affects the freerdp client, the user must connect to an untrusted or compromised server, and it would not lead to a persistent denial of service if exploited.",
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11038\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11038"
        ],
        "name": "CVE-2020-11038",
        "mitigation": {
            "value": "This flaw can be mitigated by deactivating video redirection on the client side and not using /video.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253",
        "details": [
            "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",
            "A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix\nthis issue have been shipped now.",
        "acknowledgement": "This issue was discovered by David Howells (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4470\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4470"
        ],
        "name": "CVE-2016-4470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.0r, openssl 1.0.2a, openssl 1.0.1m, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0703\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0703\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0703",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-41",
        "details": [
            "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.",
            "An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue.",
        "upstream_fix": "samba 4.1.22, samba 4.2.7, samba 4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5252\nhttps://www.samba.org/samba/security/CVE-2015-5252.html"
        ],
        "name": "CVE-2015-5252",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.",
            "A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8504\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8504"
        ],
        "name": "CVE-2014-8504",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6530\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6530"
        ],
        "name": "CVE-2014-6530",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.",
            "A heap-based buffer overflow flaw was found in openjpeg in the opj_t1_clbl_decode_processor in libopenjp2.so. Affecting versions through 2.3.1, the highest threat from this vulnerability is to file confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6851\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6851"
        ],
        "name": "CVE-2020-6851",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "libical 1.0.0, Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11704\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11704\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/\nhttps://www.x41-dsec.de/lab/advisories/x41-2019-001-thunderbird/"
        ],
        "name": "CVE-2019-11704",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Bob Clary, Christian Holler, David Keeler, Gary Kwong, Jan de Mooij, Jason Kratzer, Jet Villegas, Jon Coppeard, Julien Cristau, Nicholas Nethercote, Oriol Brufau, Philipp, Randell Jesup, Ryan VanderMeulen, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7826\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7826\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826"
        ],
        "name": "CVE-2017-7826",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.",
            "A heap-based buffer overflow flaw related to \"lz4::decompress\" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7772\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7772\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7772",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation."
        ],
        "upstream_fix": "gcc 5.5, gcc 6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11671\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11671"
        ],
        "name": "CVE-2017-11671",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.1.33, mariadb 10.2.15, mariadb 10.0.35, mariadb 5.5.60, mysql 5.6.40, mysql 5.7.22, mysql 5.5.60",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2813\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2813\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a \"SAML2 multi-session vulnerability.\"",
            "A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions."
        ],
        "acknowledgement": "This issue was discovered by Howard Johnson and Patrick Uiterwijk (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8638\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8638"
        ],
        "name": "CVE-2016-8638",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted \"run-length count\" in an image in a WMF file.",
            "It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) with embedded BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4588\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4588"
        ],
        "name": "CVE-2015-4588",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18492\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18492\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492"
        ],
        "name": "CVE-2018-18492",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-201",
        "details": [
            "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.",
            "It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information."
        ],
        "acknowledgement": "This issue was discovered by Ludwig Krispenz (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3562\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3562"
        ],
        "name": "CVE-2014-3562",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a crafted XCF file.",
            "Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4994\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4994"
        ],
        "name": "CVE-2016-4994",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate."
        ],
        "upstream_fix": "gnutls 3.3.26, gnutls 3.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5337\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5337"
        ],
        "name": "CVE-2017-5337",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.23, mariadb 5.5.55, mariadb 10.2.6, mariadb 10.0.31, mysql 5.5.55, mysql 5.6.36, mysql 5.7.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3309\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3309\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3309",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.",
            "Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing applications using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3627\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3627"
        ],
        "name": "CVE-2016-3627",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8575\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8575"
        ],
        "name": "CVE-2016-8575",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.",
            "A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.",
        "upstream_fix": "bind 9.9.11-S2, bind 9.9.11-P1, bind 9.12.0rc2, bind 9.10.6-S2, bind 9.10.6-P1, bind 9.11.2-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3145\nhttps://kb.isc.org/article/AA-01542"
        ],
        "name": "CVE-2017-3145",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-284",
        "details": [
            "The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.",
            "A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability."
        ],
        "upstream_fix": "Groovy 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3253\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3253\nhttp://seclists.org/oss-sec/2015/q3/121"
        ],
        "name": "CVE-2015-3253",
        "mitigation": {
            "value": "Apply the following patch on the MethodClosure class (src/main/org/codehaus/groovy/runtime/MethodClosure.java):\npublic class MethodClosure extends Closure {\n+    private Object readResolve() {\n+        throw new UnsupportedOperationException();\n+    \n}\nAlternatively, you should make sure to use a custom security policy file (using the standard Java security manager) or make sure that you do not rely on serialization to communicate remotely.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",
            "An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library."
        ],
        "statement": "The security flaw exists in NSS library Base64 encoder/decoder code. Any application which uses NSS library to parse base64 encoded data could possibly be affected by the flaw. For example:\n1. Servers compiled against NSS which parse untrusted certificates or any other base64 encoded data from its users.\n2. Utilities like curl etc which use NSS to parse user provided base64 encoded certificates.\n3. Applications like Firefox which use NSS to parse client-certificates before passing them to the web server.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5461\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5461\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
        ],
        "name": "CVE-2017-5461",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-125",
        "details": [
            "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9658\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9658"
        ],
        "name": "CVE-2014-9658",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.",
            "A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3135\nhttps://kb.isc.org/article/AA-01453"
        ],
        "name": "CVE-2017-3135",
        "mitigation": {
            "value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.",
            "A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. An unauthenticated attacker could use this flaw to crash Directory Server."
        ],
        "acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).",
        "upstream_fix": "389-ds-base 1.4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14638\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14638"
        ],
        "name": "CVE-2018-14638",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.",
            "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9808\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9808\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
        ],
        "name": "CVE-2016-9808",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nFor RHEL 5 and RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. The gem owner command outputs the contents of the API response directly to stdout. Therefore, if the response is crafted, escape sequence injection may occur."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8322\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8322"
        ],
        "name": "CVE-2019-8322",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler and Patrick McManus as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8634\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8634\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-01.html"
        ],
        "name": "CVE-2014-8634",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5460\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5460\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5460"
        ],
        "name": "CVE-2017-5460",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.",
            "An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash."
        ],
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7852\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7852\nhttp://support.ntp.org/bin/view/Main/NtpBug2919\nhttp://talosintel.com/reports/TALOS-2015-0063/"
        ],
        "name": "CVE-2015-7852",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow."
        ],
        "upstream_fix": "wireshark 2.4.8, wireshark 2.6.2, wireshark 2.2.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14341\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14341\nhttps://www.wireshark.org/security/wnpa-sec-2018-39.html"
        ],
        "name": "CVE-2018-14341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.",
            "It was found that the glusterfs-server RPM package would write a file with a predictable name into the world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package."
        ],
        "statement": "This issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1795\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1795"
        ],
        "name": "CVE-2015-1795",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.",
            "A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include \"networks: dns\" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "glibc 2.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3075\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3075"
        ],
        "name": "CVE-2016-3075",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "upstream_fix": "Linux kernel 4.5-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20265\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20265"
        ],
        "name": "CVE-2021-20265",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7637\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7637"
        ],
        "name": "CVE-2019-7637",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.",
            "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session."
        ],
        "upstream_fix": "tomcat 6.0.45, tomcat 7.0.68, tomcat 8.0.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0714\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0714\nhttp://seclists.org/bugtraq/2016/Feb/145"
        ],
        "name": "CVE-2016-0714",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.",
            "An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4554\nhttp://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
        ],
        "name": "CVE-2016-4554",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8804\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8804\nhttps://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html"
        ],
        "name": "CVE-2015-8804",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-41",
        "details": [
            "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the server's processing will implicitly collapse them."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0220\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0220\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0220",
        "mitigation": {
            "value": "This flaw can be mitigated by replacing multiple consecutive slashes, used in directives that match against the path component of the request URL with regular expressions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yuyang Zhou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5291\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5291\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5291",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.",
            "A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to an error found in MagickWand/mogrify.c. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory."
        ],
        "upstream_fix": "ImageMagick 6.9.10-50, ImageMagick 7.0.8-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13310\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13310"
        ],
        "name": "CVE-2019-13310",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.",
            "A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7843\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7843\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843"
        ],
        "name": "CVE-2017-7843",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17101\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17101"
        ],
        "name": "CVE-2018-17101",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.",
            "A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code."
        ],
        "upstream_fix": "glibc 2.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11237\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11237"
        ],
        "name": "CVE-2018-11237",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3508\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3508",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272.  NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.",
            "It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2 as this flaw was fixed in the recent releases.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6. Future updates for the respective releases may address the issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8215\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8215"
        ],
        "name": "CVE-2015-8215",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.",
            "Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.3.7, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2110\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2110\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2110",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
            "It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6, 7 and 8. More details available at: https://bugzilla.redhat.com/show_bug.cgi?id=1364935#c13",
        "upstream_fix": "openssh 7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6515\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6515"
        ],
        "name": "CVE-2016-6515",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP."
        ],
        "upstream_fix": "mariadb 10.0.22, mariadb 5.5.46, mariadb 10.1.8, mysql 5.5.46, mysql 5.6.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4836\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4836\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4836",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2992\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2992"
        ],
        "name": "CVE-2019-2992",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.",
            "It was discovered that the CipherInputStream class implementation in OpenJDK did not properly handle certain exceptions. This could possibly allow an attacker to affect the integrity of an encrypted stream handled by this class."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6558\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6558\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6558",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code.",
            "It was discovered that the ghostscript .shfill operator did not properly validate certain types. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15909\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15909"
        ],
        "name": "CVE-2018-15909",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.",
            "A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5489\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5489"
        ],
        "name": "CVE-2019-5489",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.",
            "It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker could read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10088\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10088"
        ],
        "name": "CVE-2016-10088",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14579\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14579"
        ],
        "name": "CVE-2020-14579",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
        ],
        "statement": "This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affected the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 prior to version kernel-2.6.32-358.6.1.el6, released via RHSA-2013:0744 (https://rhn.redhat.com/errata/RHSA-2013-0744.html). That update added a backport of the upstream commit c56a00a165, which avoided this issue.\nThis flaw requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0196\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0196"
        ],
        "name": "CVE-2014-0196",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3587\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3587\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3587",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122->CWE-125->CWE-787",
        "details": [
            "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.",
            "A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "acknowledgement": "This issue was discovered by Petr Sklenar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3258\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3258"
        ],
        "name": "CVE-2015-3258",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.",
            "An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue does not affect the version of gnutls as shipped with Red Hat Enterprise Linux 5 and 6, since it does not have support for ECC (Elliptic Curve Cryptography).",
        "upstream_fix": "gnutls 3.2.20, gnutls 3.1.28, gnutls 3.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8564\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8564"
        ],
        "name": "CVE-2014-8564",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
            "A vulnerability was found in libarchive.  A specially crafted mtree file could cause libarchive to read beyond a statically declared structure, potentially disclosing application memory."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8921\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8921"
        ],
        "name": "CVE-2015-8921",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13397\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13397"
        ],
        "name": "CVE-2020-13397",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.",
            "A buffer over-read flaw was found in the way flac processed certain ID3v2 metadata. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash when the file was read."
        ],
        "upstream_fix": "flac 1.3.1pre1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8962\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8962"
        ],
        "name": "CVE-2014-8962",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",
            "A race condition between pppol2tp_session_create() and l2tp_eth_create() in net/l2tp/l2tp_netlink.c was found in the Linux kernel. Calling l2tp_tunnel_find() may result in a new tunnel being created with tunnel id of a previously removed tunnel which wouldn't be protected by the reference counter."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9517\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9517"
        ],
        "name": "CVE-2018-9517",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-392",
        "details": [
            "mod_nss in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to force the use of ciphers that were not intended to be enabled.",
            "A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled."
        ],
        "acknowledgement": "This issue was discovered by Rob Crittenden (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3099\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3099"
        ],
        "name": "CVE-2016-3099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.",
            "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console."
        ],
        "statement": "This flaw is rated as having Moderate impact; it is an infoleak that is written to the screen.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8649\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8649"
        ],
        "name": "CVE-2020-8649",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appears to be exploitable when the victim opens a specially crafted RAR archive."
        ],
        "statement": "This issue affects the versions of libarchive as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000878\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000878"
        ],
        "name": "CVE-2018-1000878",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.",
            "A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlink_log module must be loaded before the flaw can occur."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2 and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7553\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7553"
        ],
        "name": "CVE-2015-7553",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.",
            "A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to userspace memory was disabled, allowing the destination address to be in kernel space. This flaw could be exploited by an attacker to overwrite kernel memory from an unprivileged userspace process, leading to privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13166\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13166"
        ],
        "name": "CVE-2017-13166",
        "mitigation": {
            "value": "A systemtap script intercepting the v4l2_compat_ioctl32() function of the [videodev] module and making it return the -ENOIOCTLCMD error value would work just fine, except that it breaks all 32-bit video capturing software, but not 64-bit software.\nAlternatively, blacklisting the [videodev] module will work too, but it will break all video capturing software.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
            "A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges."
        ],
        "statement": "This issue is rated between Moderate and Important (similar to the CVE-2022-45934) because of no known attack, and the attack would be complex. Anyway, consider this CVE-2022-3564 as Important because the use-after-free can potentially lead to privilege escalation or a potential remote system crash (and currently, a read after-free that in most cases would not lead to a remote system crash).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3564\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"
        ],
        "name": "CVE-2022-3564",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-400",
        "details": [
            "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3506\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3506\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3506",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3511\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.36, mariadb 5.5.61, mariadb 10.2.17, mariadb 10.3.9, mariadb 10.1.35, mysql 5.5.61",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3063\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3063\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        ],
        "name": "CVE-2018-3063",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
            "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
        ],
        "statement": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10179\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10179"
        ],
        "name": "CVE-2019-10179",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7636\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7636"
        ],
        "name": "CVE-2019-7636",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Phil Ringalda, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2807\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2807\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2807",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2842"
        ],
        "name": "CVE-2016-2842",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
            "It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6794\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.",
            "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, however the impact is limited to denial of service since it does not support fine grained access control.",
        "acknowledgement": "Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0179\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0179\nhttp://security.libvirt.org/2014/0003.html"
        ],
        "name": "CVE-2014-0179",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-672->CWE-665",
        "details": [
            "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.",
            "It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd."
        ],
        "acknowledgement": "Red Hat would like to thank Qinghao Tang (QIHU 360) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5621"
        ],
        "name": "CVE-2015-5621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.",
            "A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3347\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3347"
        ],
        "name": "CVE-2021-3347",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack."
        ],
        "acknowledgement": "Red Hat would like to thank chenyuan (NESA Lab) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10733\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10733"
        ],
        "name": "CVE-2018-10733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.",
            "A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3185"
        ],
        "name": "CVE-2014-3185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky and Olli Pettay as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0801\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0801\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-40.html"
        ],
        "name": "CVE-2015-0801",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.",
            "It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8502\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8502"
        ],
        "name": "CVE-2014-8502",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
        ],
        "upstream_fix": "mariadb 10.0.32, mariadb 10.1.26, mariadb 10.2.8, mariadb 5.5.57, mysql 5.5.57, mysql 5.6.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3636\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3636\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3636",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.",
            "An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL."
        ],
        "statement": "It is not possible to reproduce the open redirect vulnerability in the versions of mod_auth_openidc as shipped in Red Hat Enterprise Linux 7, as a missing check makes the process crash, due to a NULL pointer dereference, instead of letting it continue with an invalid URL.",
        "upstream_fix": "mod_auth_openidc 2.4.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14857\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14857"
        ],
        "name": "CVE-2019-14857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization is indirectly affected as well on the Linux-based products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
            "A flaw was found in the way reply ICMP packets are limited in the Linux kernel that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well."
        ],
        "statement": "This issue is rated as having Moderate impact because of the attack scenario limitation. An attacker can harm the networking services only, not the overall system under attack, and cannot get access to the remote system under attack.",
        "upstream_fix": "kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25705\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25705"
        ],
        "name": "CVE-2020-25705",
        "mitigation": {
            "value": "The mitigation is to disable ICMP destination unreachable messages.\nThe commands to disable UDP port unreachable ICMP reply messages:\niptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP\nservice iptables save\nFor additional information about \"service iptables save\" please read https://access.redhat.com/solutions/1597703\nIt is not recommended to apply this rule if the host is being used as a forwarder (router) of IP packets.\nAlternatively, firewall-cmd can be used instead of iptables, with a similar result:\nfirewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p icmp --icmp-type destination-unreachable -j DROP",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T03:28:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation."
        ],
        "statement": "This flaw affects all current shipping releases of Red Hat Enterprise Linux. This flaw requires real or emulated midi hardware available in the system. Fixes will be delivered when available.",
        "acknowledgement": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10902\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10902"
        ],
        "name": "CVE-2018-10902",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.",
            "A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG 2.\nPlease note that on Red Hat Enterprise Linux 6 pppol2tp module is not\nautomatically loaded when AF_PPPOX/PX_PROTO_OL2TP socket is created as\nRed Hat Enterprise Linux 6 lacks upstream commit 9395a09d05a23bb and default\nmodprobe configuration as shipped with module-init-tools package does not\ncontain the alias for pppol2tp protocol either. As a result, pppol2tp module\nhas to be explicitly enabled and/or loaded by the system administrator.",
        "acknowledgement": "Red Hat would like to thank Sasha Levin for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4943\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4943"
        ],
        "name": "CVE-2014-4943",
        "mitigation": {
            "value": "For Red Hat Enterprise Linux 6 do --\n]# echo \"install pppol2tp /bin/true\" > /etc/modprobe.d/pppol2tp.conf\nFor Red Hat Enterprise Linux 7 do --\n]# echo \"install l2tp_ppp /bin/true\" > /etc/modprobe.d/l2t_pppp.conf\nOr, alternatively, when pppol2tp/l2tp_ppp module can't be blacklisted and needs\nto be loaded, you can use the following systemtap script --\n1) On the host, save the following in a file with the \".stp\" extension --\nprobe module(\"*l2tp*\").function(\"pppol2tp_*etsockopt\").call {\n$level = 273;\n}\n2) Install the \"systemtap\" package and any required dependencies. Refer to\nthe \"2. Using SystemTap\" chapter in the Red Hat Enterprise Linux 6\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com, for\ninformation on installing the required -debuginfo packages.\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting kernel\nmodule to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on the\naffected systems. Please notice that the kernel version must be the same across\nall systems.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.9.10-P2, bind 9.10.5-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3143\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3143\nhttps://kb.isc.org/article/AA-01503"
        ],
        "name": "CVE-2017-3143",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
            "A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash."
        ],
        "upstream_fix": "gnutls 3.5.8, gnutls 3.3.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5334\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5334\nhttps://gnutls.org/security.html#GNUTLS-SA-2017-1"
        ],
        "name": "CVE-2017-5334",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-05T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.",
            "A vulnerability was found where the gnome-shell lock screen, since version 3.15.91, does not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts and potentially other actions. This vulnerability was fixed in gnome-shell 3.31.5 and 3.30.3."
        ],
        "acknowledgement": "Red Hat would like to thank Ray Strode (The GNOME Project) for reporting this issue. Upstream acknowledges Maxime Vellard as the original reporter.",
        "upstream_fix": "gnome-shell 3.31.5, gnome-shell 3.30.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3820\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3820\nhttps://gitlab.gnome.org/GNOME/gnome-shell/issues/851"
        ],
        "name": "CVE-2019-3820",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3169"
        ],
        "name": "CVE-2018-3169",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10535\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10535"
        ],
        "name": "CVE-2018-10535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284->CWE-201",
        "details": [
            "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
            "An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Nguyen (Google) and Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12352\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12352\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html"
        ],
        "csaw": true,
        "name": "CVE-2020-12352",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).",
            "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3252"
        ],
        "name": "CVE-2017-3252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the \"tftp:// DHCPv6 boot option.\"",
            "A heap-based buffer overflow flaw was found in the way shim parsed certain IPv6 addresses. If IPv6 network booting was enabled, a malicious server could supply a crafted IPv6 address that would cause shim to crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank SUSE Security Team for reporting this issue.",
        "upstream_fix": "shim-0.7 8.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3676\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3676"
        ],
        "name": "CVE-2014-3676",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.34, mariadb 10.1.30, mariadb 5.5.59, mariadb 10.2.12, mysql 5.6.42, mysql 8.0.13, mysql 5.7.24, mysql 5.5.62",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3133\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3133\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        ],
        "name": "CVE-2018-3133",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7795"
        ],
        "name": "CVE-2016-7795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"",
            "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3714\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3714"
        ],
        "csaw": true,
        "name": "CVE-2016-3714",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8240\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8240"
        ],
        "name": "CVE-2014-8240",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-476",
        "details": [
            "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.",
            "A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message."
        ],
        "acknowledgement": "Red Hat would like to thank the NTP project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "ntp 4.3.94, ntp 4.2.8p10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6463\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6463"
        ],
        "name": "CVE-2017-6463",
        "mitigation": {
            "value": "Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5841\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5841"
        ],
        "name": "CVE-2017-5841",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file."
        ],
        "upstream_fix": "libxml2 2.9.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18258\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18258"
        ],
        "name": "CVE-2017-18258",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
        ],
        "upstream_fix": "mariadb 10.0.29, mariadb 10.1.21, mariadb 5.5.54, mysql 5.6.35, mysql 5.5.54, mysql 5.7.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3244\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3244\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3244",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:M/C:N/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 10.0.23, mariadb 5.5.47, mysql 5.6.30, mysql 5.7.12, mysql 5.5.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0642\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0642\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0642",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.",
            "A flaw was found in the WiFi-Direct (or WiFi peer-to-peer) implementation of the Linux kernel's RealTek wireless drivers. When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the handling of the WiFi-Direct protocol feature known as \"Notice of Absence\" by creating specially crafted frames, which can then corrupt kernel memory because the upper bound on the length of the frame is unchecked and supplied by the incoming packet."
        ],
        "upstream_fix": "kernel 5.3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17666\nhttps://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1"
        ],
        "name": "CVE-2019-17666",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash)."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5180\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5180"
        ],
        "name": "CVE-2015-5180",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Apple Product Security for reporting this issue. Upstream acknowledges Stephan Zeisberg (Security Research Labs) as the original reporter.",
        "upstream_fix": "cups 2.2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8675\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8675"
        ],
        "name": "CVE-2019-8675",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0448\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0448\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-16T12:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.",
            "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication."
        ],
        "upstream_fix": "Kernel 6.4-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-2002\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2002\nhttps://www.openwall.com/lists/oss-security/2023/04/16/3"
        ],
        "name": "CVE-2023-2002",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.",
            "A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service."
        ],
        "statement": "This flaw did not affect the versions of Poppler as shipped with Red Hat Enterprise Linux 5 and 6, as they did not include the vulnerable code.",
        "upstream_fix": "poppler 0.79.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14494\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14494"
        ],
        "name": "CVE-2019-14494",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-364",
        "details": [
            "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12392\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12392\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392"
        ],
        "name": "CVE-2018-12392",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
        ],
        "upstream_fix": "openssl 1.1.0g, openssl 1.0.2m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3736\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3736\nhttps://www.openssl.org/news/secadv/20171102.txt"
        ],
        "name": "CVE-2017-3736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.",
            "A vulnerability was found in the Linux kernel’s core sound driver code. A use-after-free in a race condition between disconnection events could allow a local attacker who can trigger disconnection events (remove or add hardware) to crash the system, corrupt memory, or escalate privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15214\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15214"
        ],
        "name": "CVE-2019-15214",
        "mitigation": {
            "value": "As the snd module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install snd /bin/true\" >> /etc/modprobe.d/disable-snd.conf \nThe system will need to be restarted if the snd modules are loaded. In most circumstances, the snd kernel modules will be unable to be unloaded while they are is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.",
            "A vulnerability was found in libarchive's handling of RAR archives. A specially crafted RAR file can cause a heap overflow, potentially leading to code execution in the context of the application."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4302\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4302\nhttp://www.talosintel.com/reports/TALOS-2016-0154/"
        ],
        "name": "CVE-2016-4302",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
            "A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google), Hanno Böck, and Huzaifa Sidhpurwala (Red Hat) as the original reporters.",
        "upstream_fix": "openssl 1.0.2c, openssl 1.0.1o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2108\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2108\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.",
            "Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 on ppc64 and ppc64le platforms. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7 on ppc64 and ppc64le platforms. Future Linux kernel updates for the respective releases might address this issue.\nOnly ppc64 and ppc64le hardware platforms are vulnerable. The Linux kernel packages for other platforms which Red Hat ships (i386, x86_64, s390x) are not vulnerable to this security flaw.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2 as this product is shipped for x86_64 hardware platform only.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7616\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7616"
        ],
        "name": "CVE-2017-7616",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4207\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4207\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL"
        ],
        "name": "CVE-2014-4207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "When a page's content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rhys Enniks as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7803\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7803\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7803"
        ],
        "name": "CVE-2017-7803",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.",
            "A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2384\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2384\nhttp://seclists.org/oss-sec/2016/q1/331\nhttps://lkml.org/lkml/2016/2/13/11"
        ],
        "name": "CVE-2016-2384",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.",
            "A flaw was found in the Apache Commons BeanUtils, where the class property in PropertyUtilsBean is not suppressed by default. This flaw allows an attacker to access the classloader."
        ],
        "upstream_fix": "apache-commons-beanutils 1.9.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10086\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10086\nhttps://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"
        ],
        "name": "CVE-2019-10086",
        "mitigation": {
            "value": "There is no currently known mitigation for this flaw.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.",
            "A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2924\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2924"
        ],
        "name": "CVE-2015-2924",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1594\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1594\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-89.html"
        ],
        "name": "CVE-2014-1594",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' character."
        ],
        "upstream_fix": "mutt 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14362\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14362"
        ],
        "name": "CVE-2018-14362",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.",
            "A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8241"
        ],
        "name": "CVE-2014-8241",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.",
            "A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11524\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11524"
        ],
        "name": "CVE-2020-11524",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS."
        ],
        "upstream_fix": "mariadb 10.0.24, mariadb 10.1.12, mariadb 5.5.48, mysql 5.6.29, mysql 5.7.11, mysql 5.5.48",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0649\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0649\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixMSQL"
        ],
        "name": "CVE-2016-0649",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2790\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2790\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2790",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "upstream_fix": "mariadb 10.1.26, mariadb 5.5.57, mariadb 10.2.8, mariadb 10.0.32, mysql 5.7.19, mysql 5.6.37, mysql 5.5.57",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3653\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3653\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4840\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4840\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4840",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check.",
            "A flaw was found in RubyGems. A crafted gem with a multi-line name is not handled correctly allowing an attacker to inject arbitrary code to the stub line of gemspec. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8324\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8324\nhttps://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html\nhttps://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2019-8324",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions.  NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3145"
        ],
        "name": "CVE-2014-3145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.",
            "A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14652\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14652"
        ],
        "name": "CVE-2018-14652",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.",
            "A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The squid packages are compiled with protections like stack canaries, which should reduce the chance of a successful exploitation dramatically and the most likely outcome is a crash without code execution.",
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12519\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12519\nhttp://www.squid-cache.org/Advisories/SQUID-2019_12.txt\nhttps://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
        ],
        "name": "CVE-2019-12519",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843->CWE-787",
        "details": [
            "A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9795\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9795\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795"
        ],
        "name": "CVE-2019-9795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-23T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.",
            "An authentication bypass flaw has been found in PackageKit that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system."
        ],
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.",
        "upstream_fix": "PackageKit 1.1.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1106\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1106\nhttp://www.openwall.com/lists/oss-security/2018/04/23/3"
        ],
        "name": "CVE-2018-1106",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10346\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10346"
        ],
        "name": "CVE-2017-10346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Navigation events were not fully adhering to the W3C's \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yoav Weiss as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11743\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743"
        ],
        "name": "CVE-2019-11743",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.",
            "A use-after-free flaw was found in the unserialize() function of PHP's DateTimeZone implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.",
        "upstream_fix": "php 5.4.38, php 5.5.22, php 5.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0273\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0273"
        ],
        "name": "CVE-2015-0273",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yan as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2733\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2733\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
        ],
        "name": "CVE-2015-2733",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19059\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19059"
        ],
        "name": "CVE-2018-19059",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5258\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5258\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-72.html"
        ],
        "name": "CVE-2016-5258",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.",
            "A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7502\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7502"
        ],
        "name": "CVE-2017-7502",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).",
            "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5546\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5546"
        ],
        "name": "CVE-2016-5546",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",
            "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3241\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3241"
        ],
        "name": "CVE-2017-3241",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.",
            "An incomplete fix for CVE-2017-5226 was found in flatpak. A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications handled the TIOCSTI ioctl. A malicious flatpak application could use this flaw to inject commands into the controlled terminal of the host after the flatpak applications exits. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw can be exploited by malicious flatpak applications which include the code to exploit the wrong handling of the TIOCSTI ioctl (AV:L). No special action is needed to be performed by the attacker just having the exploit code should be enough for bypassing the sandbox restrictions (AC:L), Also the applications needs to be downloaded and run by the victim (PR:L). The flaw results in code being executed on the host system which is running the sandboxed application therefore this affects the host beyond the sandboxed application (S:C). Lastly considering the worst scenario in which the flatpak is run as root on the host system, this flaw can result in the malicious application running code as root on the host system (CIA:H).",
        "upstream_fix": "flatpak 1.3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10063\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10063"
        ],
        "name": "CVE-2019-10063",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.",
            "Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (eg pgrep, pkill, pidof, w)."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "upstream_fix": "procps-ng 3.3.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1124\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1124\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        ],
        "name": "CVE-2018-1124",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
            "A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0460\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0460\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0460",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-266",
        "details": [
            "arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.",
            "It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Martin Schwidefsky (IBM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3534\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3534"
        ],
        "name": "CVE-2014-3534",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5436\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5436\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5436"
        ],
        "name": "CVE-2017-5436",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9904\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9904\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9904"
        ],
        "name": "CVE-2016-9904",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.",
            "An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4337\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4337"
        ],
        "name": "CVE-2014-4337",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting \"Load printer settings with the document\" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.",
            "An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.1, libreoffice 5.0.0, libreoffice 4.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5212\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/\nhttp://www.openoffice.org/security/cves/CVE-2015-5212.html"
        ],
        "name": "CVE-2015-5212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.",
            "A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mount ext4 partition, with the usage of an additional debug parameter is defining an extra inode size. If this parameter has a non zero value, this flaw allows a local user to crash the system when inode expansion happens."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19767\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19767"
        ],
        "name": "CVE-2019-19767",
        "mitigation": {
            "value": "The mitigation is not to use debug_want_extra_isize parameter when mounting ext4 FS.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16422\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16422\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16422",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-122",
        "details": [
            "Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.",
            "An off-by-one flaw, leading to a heap-based buffer overflow, was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8157\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8157\nhttp://www.ocert.org/advisories/ocert-2015-001.html"
        ],
        "name": "CVE-2014-8157",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.",
            "A denial of service flaw was found in unbound that an attacker could use to trick the unbound resolver into following an endless loop of delegations, consuming an excessive amount of resources."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8602\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8602"
        ],
        "name": "CVE-2014-8602",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request.  NOTE: this vulnerability exists because of an unspecified regression."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0186"
        ],
        "name": "CVE-2014-0186",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges OSS-Fuzz as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12366\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12366\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12366"
        ],
        "name": "CVE-2018-12366",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors."
        ],
        "upstream_fix": "jasper 2.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9396\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9396"
        ],
        "name": "CVE-2016-9396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3897\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3897\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3897",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
            "A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank AMD for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23825\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23825\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-23825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.47, mariadb 10.1.10, mariadb 10.0.23, mysql 5.6.28, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0596\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0596\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0596",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.",
            "A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3459\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3459"
        ],
        "name": "CVE-2019-3459",
        "mitigation": {
            "value": "- Disable the Bluetooth hardware in the BIOS.\n- Prevent loading of the Bluetooth kernel modules.\n- Disable the Bluetooth connection by putting the system in \"airport\" mode.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
            "A reflected cross-site scripting (XSS) vulnerability was found in the Python XML-RPC server. The `server_title` field is not sufficiently sanitized, allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the affected user."
        ],
        "statement": "This flaw does not affect the versions of python27-python as shipped with Red Hat Software Collections 3 as they already include the fix.\nThis flaw does not affect the versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 as they are \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 2.7.17, python 3.5.8, python 3.6.10, python 3.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16935\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16935"
        ],
        "name": "CVE-2019-16935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2821"
        ],
        "name": "CVE-2019-2821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.",
            "It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory."
        ],
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3508\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3508",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20533\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20533"
        ],
        "name": "CVE-2018-20533",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4244\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4244\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4244",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-14T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-267",
        "details": [
            "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.",
            "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction."
        ],
        "statement": "This flaw only affects specific, non-default configurations of sudo, in which a sudoers configuration entry allows a user to run a command as any user except root, for example:\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run; this flaw does NOT allow the user to run commands other than those specified in the sudoers configuration.\nAny other configurations of sudo (including configurations that allow a user to run commands as any user including root and configurations that allow a user to run a command as a specific other user) are NOT affected by this flaw.\nRed Hat Virtualization Hypervisor includes an affected version of sudo; however, the default configuration is not vulnerable to this flaw.",
        "acknowledgement": "Red Hat would like to thank the Sudo project for reporting this issue. Upstream acknowledges Joe Vennix (Apple Information Security) as the original reporter.",
        "upstream_fix": "sudo 1.8.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14287\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14287\nhttps://www.sudo.ws/alerts/minus_1_uid.html"
        ],
        "csaw": true,
        "name": "CVE-2019-14287",
        "mitigation": {
            "value": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The simplest example is:\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\nor by reference to a runas alias:\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.4-P8, bind 9.9.9-P8, bind 9.11.0-P5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3137\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3137\nhttps://kb.isc.org/article/AA-01466"
        ],
        "name": "CVE-2017-3137",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665->CWE-787",
        "details": [
            "The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.",
            "It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5194"
        ],
        "name": "CVE-2015-5194",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8644\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8644\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8644",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19475\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19475\nhttps://blog.semmle.com/ghostscript-CVE-2018-19475/"
        ],
        "name": "CVE-2018-19475",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",
            "A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.9-P3, bind 9.10.4-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2776\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2776\nhttps://kb.isc.org/article/AA-01419/0"
        ],
        "csaw": true,
        "name": "CVE-2016-2776"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.",
            "A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Jason Wang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5156\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5156"
        ],
        "name": "CVE-2015-5156",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-299",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.",
            "A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4748\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4748\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4748",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.10-12, ImageMagick 7.0.8-12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15607\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15607"
        ],
        "name": "CVE-2018-15607",
        "mitigation": {
            "value": "Administrators can mitigate this issue by setting reasonable limits on the size of processed images, consumed memory, time limit, etc. For example, disallowing the processing of large images (e.g. having either width or height larger than 10240 pixels), which consume a lot of CPU time, can be done by adding the following XML child elements under the <policymap> element in /etc/ImageMagick/policy.xml:\n```\n<policy domain=\"resource\" name=\"width\" value=\"10KP\"/>\n<policy domain=\"resource\" name=\"height\" value=\"10KP\"/>\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.",
            "It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman."
        ],
        "upstream_fix": "mailman 2.1.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2775\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2775"
        ],
        "name": "CVE-2015-2775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8574\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8574"
        ],
        "name": "CVE-2016-8574",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).",
            "A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15127\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15127"
        ],
        "name": "CVE-2017-15127",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4209\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4209\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4209",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17012\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17012\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012"
        ],
        "name": "CVE-2019-17012",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-122",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
            "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0469\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0469\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0469",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",
            "A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts."
        ],
        "upstream_fix": "mailman 2.1.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0618"
        ],
        "name": "CVE-2018-0618",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.",
            "An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9809\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9809"
        ],
        "name": "CVE-2016-9809",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.",
            "A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client."
        ],
        "acknowledgement": "This issue was discovered by Vivek Das (Red Hat).",
        "upstream_fix": "samba 4.7.9, samba 4.8.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1139\nhttps://www.samba.org/samba/security/CVE-2018-1139.html"
        ],
        "name": "CVE-2018-1139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.",
            "It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8126\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8126"
        ],
        "name": "CVE-2015-8126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-400",
        "details": [
            "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allows local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.",
            "The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in this product.",
        "upstream_fix": "kernel 4.14.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18203\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18203"
        ],
        "name": "CVE-2017-18203",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.",
            "It was discovered that libwmf did not correctly process certain WMF (Windows Metafiles) containing BMP images. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0848\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0848"
        ],
        "name": "CVE-2015-0848",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2438\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2438\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2438",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.",
            "Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 and Satellite 5 are now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "upstream_fix": "postgresql 9.5.10, postgresql 9.6.6, postgresql 9.3.20, postgresql 10.1, postgresql 9.4.15, postgresql 9.2.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12172\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12172\nhttps://www.postgresql.org/about/news/1801/"
        ],
        "name": "CVE-2017-12172",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5734\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5734\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        ],
        "name": "CVE-2017-5734",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow.",
            "An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5885\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5885"
        ],
        "name": "CVE-2017-5885",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8672\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8672\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8672",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c."
        ],
        "upstream_fix": "freetype 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9381\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9381"
        ],
        "name": "CVE-2015-9381",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2736\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2736\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2736",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19107\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19107"
        ],
        "name": "CVE-2018-19107",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.59, mariadb 10.1.31, mariadb 10.2.13, mariadb 10.0.34, mysql 5.5.59, mysql 5.6.39, mysql 5.7.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2640\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2640\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        ],
        "name": "CVE-2018-2640",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes."
        ],
        "statement": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18310\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18310"
        ],
        "name": "CVE-2018-18310",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5203\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5203"
        ],
        "name": "CVE-2017-5203",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.",
            "A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page."
        ],
        "statement": "This flaw can be triggered for static error pages only if the readonly property for the DefaultServlet is set to false in the $CATALINA_HOME/conf/web.xml file.  The default for readonly is true.",
        "upstream_fix": "tomcat 8.0.44, tomcat 7.0.78, tomcat 8.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5664\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5664\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15"
        ],
        "name": "CVE-2017-5664",
        "mitigation": {
            "value": "If it is necessary to have the DefaultServlet property readonly=false, use a jsp error page, for example Error404.jsp rather than a static html error page. Alternatively do not specify an error-page in the Deployment Descriptor and use a custom ErrorReportValve.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7975\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7975"
        ],
        "name": "CVE-2014-7975",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption."
        ],
        "statement": "This issue affects the versions of qt5-qtimageformats and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19871"
        ],
        "name": "CVE-2018-19871",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.  NOTE: this vulnerability exists because of a CVE-2015-0821 regression."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2727\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2727\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-60.html"
        ],
        "name": "CVE-2015-2727",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5438\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5438\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5438"
        ],
        "name": "CVE-2017-5438",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-125",
        "details": [
            "In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11085\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11085"
        ],
        "name": "CVE-2020-11085",
        "mitigation": {
            "value": "To mitigate this flaw in vulnerable versions, clipboard support should be disabled for freerdp sessions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An integer overflow in process_bin_sasl_auth function in Memcached, which is responsible for authentication commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code."
        ],
        "statement": "The version of memcached as shipped with Red Hat OpenStack Platform 9 is affected by this issue however will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.",
        "upstream_fix": "memcached 1.4.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8706\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8706\nhttp://www.talosintelligence.com/reports/TALOS-2016-0221/"
        ],
        "name": "CVE-2016-8706",
        "mitigation": {
            "value": "This flaw requires memcached to be running with SASL authentication enabled, which is not the default setting. If your memcached instances are running without the \"-S\" command-line option, they are not vulnerable.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
        ],
        "statement": "This issue affects the versions of evince as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11459\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11459"
        ],
        "name": "CVE-2019-11459",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Kan-Ru Chen, Nathan Froyd, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5398\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5398\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398"
        ],
        "name": "CVE-2017-5398",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Catalin Dumitru as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5250\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5250\nhttps://www.mozilla.org/security/advisories/mfsa2016-84/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5250",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7174\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7174\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7174",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3."
        ],
        "upstream_fix": "bind 9.11.4-P2, bind 9.12.2-P2, bind 9.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5741\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5741\nhttps://kb.isc.org/docs/cve-2018-5741"
        ],
        "name": "CVE-2018-5741",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9661\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9661"
        ],
        "name": "CVE-2014-9661",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-203->CWE-787",
        "details": [
            "The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9792\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792"
        ],
        "name": "CVE-2019-9792",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.",
            "It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command."
        ],
        "acknowledgement": "Red Hat would like to thank Sebastian Krahmer (SUSE Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1815\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1815"
        ],
        "name": "CVE-2015-1815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",
            "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2161\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2161\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-2161",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6551\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6551"
        ],
        "name": "CVE-2014-6551",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-190)->CWE-125",
        "details": [
            "An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.",
            "A heap-buffer out-of-bounds read flaw was found in libexif's MakerNote tag parser. This flaw allows an unauthenticated attacker or authenticated attacker with low privileges to exploit the flaw remotely in an application that uses libexif to process EXIF data from media files if the file upload is allowed. An attacker could create a specially crafted image file that, when processed by libexif, would cause the application to crash or, potentially expose data from the application's memory. This attack leads to a denial of service or a memory information leak that could assist in further exploitation."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13112\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13112"
        ],
        "name": "CVE-2020-13112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two different sites on two different windows running under the same application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kris Maglione as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11762\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11762\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762"
        ],
        "name": "CVE-2019-11762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",
            "It was discovered that the TLS/SSL implementation in the JSSE component in OpenJDK failed to properly verify the server identity during the renegotiation following session resumption, making it possible for malicious TLS/SSL servers to perform a Triple Handshake attack against clients using JSSE and client certificate authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6457\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6457\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6457",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",
            "It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd."
        ],
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7702\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7702\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner\nhttps://github.com/ntp-project/ntp/blob/stable/NEWS#L11"
        ],
        "name": "CVE-2015-7702",
        "mitigation": {
            "value": "Disable NTP autokey authentication by removing, or commenting out, all configuration directives beginning with the 'crypto' keyword in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11761\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11761\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761"
        ],
        "name": "CVE-2019-11761",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",
            "A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9761\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9761"
        ],
        "name": "CVE-2014-9761",
        "mitigation": {
            "value": "Do not use any applications which call the affected nan* functions. These functions are used only very rarely.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2710\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2710\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-48.html"
        ],
        "name": "CVE-2015-2710",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\"  NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.",
            "A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6271\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6271\nhttps://access.redhat.com/articles/1200223\nhttps://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack"
        ],
        "csaw": true,
        "name": "CVE-2014-6271"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.",
            "A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4344\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4344"
        ],
        "name": "CVE-2014-4344",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Heather Miller (Google Skia team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5467\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5467\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5467"
        ],
        "name": "CVE-2017-5467",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sergei Glazunov (Google Project Zero) as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6806\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6806\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806"
        ],
        "name": "CVE-2020-6806",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.",
            "A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL."
        ],
        "upstream_fix": "openssl 1.0.2d, openssl 1.0.1p, openssl 1.0.0t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3196\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3196",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-26T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.",
            "A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw does not affect the versions of sudo shipped with Red Hat Enterprise Linux 5, because the vulnerable code was not present in these versions.",
        "upstream_fix": "sudo 1.9.5p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3156\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3156\nhttps://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt\nhttps://www.sudo.ws/alerts/unescape_overflow.html"
        ],
        "csaw": true,
        "name": "CVE-2021-3156",
        "mitigation": {
            "value": "Red Hat Product Security strongly recommends customers to update to fixed sudo packages once they are available. For customers who cannot update immediately, the following interim partial mitigation using systemtap is suggested:\n1. Install required systemtap packages and dependencies: \n```\nsystemtap yum-utils kernel-devel-\"$(uname -r)\"\n```\nThen for RHEL 7 install kernel debuginfo, using:\n```\ndebuginfo-install -y kernel-\"$(uname -r)\" \n```\nThen for RHEL 8 & 6 install sudo debuginfo, using:\n```\ndebuginfo-install sudo\n```\n2. Create the following systemtap script: (call the file as sudoedit-block.stap)\n```\nprobe process(\"/usr/bin/sudo\").function(\"main\")  {\ncommand = cmdline_args(0,0,\"\");\nif (isinstr(command, \"edit\")) {\nraise(9);\n}\n}\n```\n3. Install the script using the following command: (using root)\n```\n# nohup stap -g sudoedit-block.stap &\n```\n(This should output the PID number of the systemtap script)\nThis script will cause the vulnerable sudoedit binary to stop working. The sudo command will still work as usual.\nThe above change does not persist across reboots and must be applied after each reboot.\nPlease consult How to make a systemtap kernel module load persistently across reboots? (https://access.redhat.com/solutions/5752521) to learn how to\nturn this into a service managed by initd. \n4. Once the new fixed packages are installed, the systemtap script can be removed by killing the systemtap process.  For example, by using:\n```\n# kill -s SIGTERM 7590\n```\n(where 7590 is the PID of the systemtap process)",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.",
            "A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6053\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6053"
        ],
        "name": "CVE-2014-6053",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11045\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11045"
        ],
        "name": "CVE-2020-11045",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3900\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3900\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3900",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11706\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11706\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11706",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service",
            "It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000061\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000061"
        ],
        "name": "CVE-2017-1000061",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122->CWE-190->CWE-194",
        "details": [
            "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.",
            "An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201",
        "upstream_fix": "git 2.6.6, git 2.5.5, git 2.7.4, git 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2315\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2315"
        ],
        "csaw": true,
        "name": "CVE-2016-2315"
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3717\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3717"
        ],
        "name": "CVE-2016-3717",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input."
        ],
        "acknowledgement": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue.",
        "upstream_fix": "jasper 2.0.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9583\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9583"
        ],
        "name": "CVE-2016-9583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
            "A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3169\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3169",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10096\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10096"
        ],
        "name": "CVE-2017-10096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "In the Linux kernel, the following vulnerability has been resolved:\nsched/membarrier: reduce the ability to hammer on sys_membarrier\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything.  So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine.",
            "A flaw was found in sys_membarrier in the Linux kernel in sched/membarrier in how a user calls it at too high of a frequency. This flaw allows a local user to saturate the machine."
        ],
        "upstream_fix": "kernel 4.19.307, kernel 5.4.269, kernel 5.10.210, kernel 5.15.149, kernel 6.1.79, kernel 6.6.18, kernel 6.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-26602\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26602\nhttps://github.com/torvalds/linux/commit/944d5fe50f3f03daacfea16300e656a1691c4a23\nhttps://lore.kernel.org/linux-cve-announce/2024022414-CVE-2024-26602-5e76@gregkh/"
        ],
        "name": "CVE-2024-26602",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-25, ImageMagick 7.0.8-25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7397\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7397"
        ],
        "name": "CVE-2019-7397",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.",
            "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user."
        ],
        "statement": "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Daniel Stenberg (curl upstream) for reporting this issue. Upstream acknowledges Paras Sethia as the original reporter.",
        "upstream_fix": "curl 7.42.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3143\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3143\nhttp://curl.haxx.se/docs/adv_20150422A.html"
        ],
        "name": "CVE-2015-3143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9851\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9851\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"
        ],
        "name": "CVE-2019-9851",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.",
            "A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17055\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17055"
        ],
        "name": "CVE-2019-17055",
        "mitigation": {
            "value": "At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.\nCheck https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as demonstrated by a filename\\0.extension attack that bypasses an intended configuration in which client users may read files with only one specific extension.",
            "It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "upstream_fix": "php 5.6.8, php 5.4.40, php 5.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3412\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3412"
        ],
        "name": "CVE-2015-3412",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2494\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2494\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2494",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-326",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25685\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25685\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25685",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack.",
            "It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8602\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8602"
        ],
        "name": "CVE-2016-8602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.",
            "A flaw was found in the PowerPc platform, where the kernel will panic if the transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context through the transactional memory MSR bits set."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13648\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13648"
        ],
        "name": "CVE-2019-13648",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2012-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sabri Haddouche as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7829\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7829\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829"
        ],
        "name": "CVE-2017-7829",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tiff file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9133\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9133"
        ],
        "name": "CVE-2018-9133",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5443\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5443\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5443"
        ],
        "name": "CVE-2017-5443",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript."
        ],
        "statement": "This issue does not affect the version of thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0817\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0817\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-29"
        ],
        "name": "CVE-2015-0817",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed."
        ],
        "statement": "Red Hat OpenStack consumes fixes from the base Red Hat Enterprise Linux Operating System. Therefore the libxslt package provided by Red Hat OpenStack has been marked as 'will not fix'.",
        "upstream_fix": "libxslt 1.1.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18197\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18197"
        ],
        "name": "CVE-2019-18197",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
            "A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6 and 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 will address this issue.\nFor further information please refer to the vulnerability article in the Customer Portal: https://access.redhat.com/security/vulnerabilities/blueborne",
        "acknowledgement": "Red Hat would like to thank Armis Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000251\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000251\nhttps://access.redhat.com/blogs/product-security/posts/blueborne\nhttps://access.redhat.com/security/vulnerabilities/blueborne\nhttps://access.redhat.com/solutions/3177231\nhttps://www.armis.com/blueborne/"
        ],
        "csaw": true,
        "name": "CVE-2017-1000251"
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11043\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11043"
        ],
        "name": "CVE-2020-11043",
        "mitigation": {
            "value": "To mitigate this flaw, do not use /rfx, /gfx or /network:auto command line options in the freerdp client.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-476",
        "details": [
            "In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.",
            "A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service (NULL pointer dereference and panic) via an ioctl (TUNSETIFF) call with a dev name containing a / character."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7191\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7191"
        ],
        "name": "CVE-2018-7191",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file."
        ],
        "upstream_fix": "gstreamer1-plugins-base 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5837\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5837"
        ],
        "name": "CVE-2017-5837",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.",
            "A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7551"
        ],
        "name": "CVE-2017-7551",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "okular version 18.08 and earlier contains a Directory Traversal vulnerability in function \"unpackDocumentArchive(...)\" in \"core/document.cpp\" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1",
            "A path traversal vulnerability has been discovered in Okular, in the way it creates temporary files when reading an Okular archive. Paths are read from content.xml and they are not properly sanitized before being used as template file names for the temporary files created when extracting the Okular archive, thus allowing a local attacker to write files outside the target temporary directory."
        ],
        "upstream_fix": "okular 18.08.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000801\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000801"
        ],
        "name": "CVE-2018-1000801",
        "mitigation": {
            "value": "Check Okular archives with `unzip -l <archive-name>.okular` before opening them. Do not open them with Okular if they contain files with \"../\".",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.",
            "A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a malicious repository containing submodules, which, when recursively cloned, would trigger the flaw and remotely execute code on the victim's machine."
        ],
        "statement": "This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 as they did not use submodules names to construct git metadata paths.",
        "upstream_fix": "git 2.21.1, git 2.15.4, git 2.20.2, git 2.22.2, git 2.14.6, git 2.16.6, git 2.17.3, git 2.24.1, git 2.19.3, git 2.23.1, git 2.18.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1387\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1387\nhttps://github.com/git/git/security/advisories/GHSA-4wfr-gwrh-8mj2"
        ],
        "name": "CVE-2019-1387",
        "mitigation": {
            "value": "Avoid running `git clone --recurse-submodules` and `git submodule update` with untrusted repositories.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "firefox 59.0.2, firefox 52.7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5148\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5148\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"
        ],
        "name": "CVE-2018-5148",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8945\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8945"
        ],
        "name": "CVE-2018-8945",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0460\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0460\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0460",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account in which system services run on.",
            "It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services."
        ],
        "acknowledgement": "This issue was discovered by Petr Spacek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7030\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7030"
        ],
        "name": "CVE-2016-7030",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15855\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15855"
        ],
        "name": "CVE-2018-15855",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-444",
        "details": [
            "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.",
            "A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. This flaw impacts the system differently based on the type of application and the infrastructure."
        ],
        "statement": "OpenShift Container Platform 4.3 and later includes `python-twisted` as a dependency of `python-prometheus_client` in Ironic container images, however the affected code is not used.\nRed Hat OpenStack Platform packages the flawed code, however python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package.\nRed Hat Satellite uses affected versions of `python-twisted` and  `python-twisted-web` modules in Pulp, however, it is not vulnerable since `http` modal of web implementation is not expose in product. Red Hat Satellite may update `python-twisted` and `python-twisted-web` in future.\nThis issue affects the version of python-twisted(embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.",
        "upstream_fix": "twisted 20.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10108\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10108\nhttps://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst"
        ],
        "name": "CVE-2020-10108",
        "mitigation": {
            "value": "When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges F. Alonso (revskills) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12362\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12362\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12362"
        ],
        "name": "CVE-2018-12362",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the jp2_decode function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 file.",
            "A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8138\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8138\nhttp://www.ocert.org/advisories/ocert-2014-012.html"
        ],
        "name": "CVE-2014-8138",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.",
            "A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5722\nhttps://kb.isc.org/article/AA-01287/0"
        ],
        "name": "CVE-2015-5722",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019.",
            "A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5 and 6 or the versions of php53 as shipped with Red Hat Enterprise Linux 5.\nThe PHP manual documents that using unserialize() on untrusted user input is unsafe and not recommended.",
        "upstream_fix": "php 5.6.4, php 5.4.36, php 5.5.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8142\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8142"
        ],
        "name": "CVE-2014-8142",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.",
            "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10322\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10322"
        ],
        "name": "CVE-2018-10322",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "The cert_revoke command in FreeIPA does not check for the \"revoke certificate\" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the \"retrieve certificate\" permission.",
            "An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack."
        ],
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5404\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5404"
        ],
        "name": "CVE-2016-5404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7928\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7928"
        ],
        "name": "CVE-2016-7928",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4260\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4260\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL"
        ],
        "name": "CVE-2014-4260",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.",
            "It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5.\nIn a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user elevate their privileges on the system. In order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces feature to grant this capability to themselves and elevate their privileges.\nSo, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.\nIn the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7308\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7308\nhttps://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"
        ],
        "name": "CVE-2017-7308",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11086\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11086"
        ],
        "name": "CVE-2020-11086",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5296\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5296\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5296",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5270\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5270\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5270",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Golubovic as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1954\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1954\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-17.html"
        ],
        "name": "CVE-2016-1954",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.",
            "It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of obfuscation described in its man page. In case a user with the necessary privileges used xfs_metadump and relied on the advertised obfuscation, the generated data could contain unexpected traces of potentially sensitive information."
        ],
        "upstream_fix": "xfsprogs 3.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2012-2150\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-2150"
        ],
        "name": "CVE-2012-2150",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10348\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10348"
        ],
        "name": "CVE-2017-10348",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-25, ImageMagick 7.0.8-25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7175\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7175"
        ],
        "name": "CVE-2019-7175",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",
            "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10904\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10904"
        ],
        "name": "CVE-2018-10904",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks against authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.",
            "Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server."
        ],
        "statement": "Red Hat OpenStack Platform currently only utilizes the client and python client API bindings, not the server components of openwsman. Additionally, updates for this package are received through the Red Hat Enterprise Linux repository.\nRed Hat Enterprise Virtualization uses only the openwsman-python client API bindings, not the server components of openwsman.\nThis issue affects the versions of openwsman as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Adam Mariš (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3833\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3833\nhttp://bugzilla.suse.com/show_bug.cgi?id=1122623"
        ],
        "name": "CVE-2019-3833",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory."
        ],
        "statement": "This issue affects the verison of wireshark as shipped with Red Hat Enterprsie Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "upstream_fix": "Wireshark 1.12.3, Wireshark 1.10.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0562\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0562\nhttps://www.wireshark.org/security/wnpa-sec-2015-03.html"
        ],
        "name": "CVE-2015-0562",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9675\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9675"
        ],
        "name": "CVE-2014-9675",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.",
            "A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2851\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2851"
        ],
        "name": "CVE-2014-2851",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.",
            "A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system."
        ],
        "statement": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux from 8.3 and prior the versions. RHEL 8.4 and later versions are not affected.",
        "upstream_fix": "Linux kernel 5.11-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36322\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36322\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
        ],
        "name": "CVE-2020-36322",
        "mitigation": {
            "value": "As the FUSE module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install fuse /bin/true\" >> /etc/modprobe.d/disable-fuse.conf\nThe system will need to be restarted if the FUSE modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while the FUSE filesystems are in  use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.",
            "A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password."
        ],
        "statement": "This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2694\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2694"
        ],
        "name": "CVE-2015-2694",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.",
            "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE)."
        ],
        "statement": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
        "upstream_fix": "tomcat 9.0.31, tomcat 8.5.51, tomcat 7.0.100",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1938\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1938\nhttps://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51\nhttps://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31\nhttps://www.cnvd.org.cn/webinfo/show/5415\nhttps://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        ],
        "name": "CVE-2020-1938",
        "mitigation": {
            "value": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2802\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2802\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2802",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.",
            "An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8629\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8629"
        ],
        "name": "CVE-2015-8629",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The dissect_v9_v10_pdu_data function in epan/dissectors/packet-netflow.c in the Netflow dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 refers to incorrect offset and start variables, which allows remote attackers to cause a denial of service (uninitialized memory read and application crash) via a crafted packet."
        ],
        "upstream_fix": "wireshark 1.10.10, wireshark 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6424\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6424\nhttps://www.wireshark.org/security/wnpa-sec-2014-14.html"
        ],
        "name": "CVE-2014-6424",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7756\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7756\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756"
        ],
        "name": "CVE-2017-7756",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7635\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7635"
        ],
        "name": "CVE-2019-7635",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
            "It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8797\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8797"
        ],
        "name": "CVE-2017-8797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.",
            "A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9529\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9529"
        ],
        "name": "CVE-2014-9529",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
            "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key."
        ],
        "upstream_fix": "openssl 1.1.0i, openssl 1.0.2p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0737\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0737\nhttp://www.openwall.com/lists/oss-security/2018/04/16/3\nhttps://www.openssl.org/news/secadv/20180416.txt"
        ],
        "name": "CVE-2018-0737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
            "It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Duy Phan Thanh as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000120\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html"
        ],
        "name": "CVE-2018-1000120",
        "mitigation": {
            "value": "Preventing the application from using a non-default CURLOPT_FTP_FILEMETHOD will avoid triggering the vulnerable code.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10878\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10878"
        ],
        "name": "CVE-2018-10878",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.",
            "A shell command injection flaw was found in the way the setroubleshoot allow_execstack plugin executed external commands. A local attacker able to trigger an execstack SELinux denial could use this flaw to execute arbitrary code with root privileges."
        ],
        "acknowledgement": "This issue was discovered by Milos Malik (Red Hat).",
        "upstream_fix": "setroubleshoot-plugins 3.3.9.1, setroubleshoot-plugins 3.2.27.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4446\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4446"
        ],
        "name": "CVE-2016-4446",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command.",
            "It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4696\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4696"
        ],
        "name": "CVE-2015-4696",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13741\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13741"
        ],
        "name": "CVE-2017-13741",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.",
            "It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.",
        "acknowledgement": "This issue was discovered by Eric Blake (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7823\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7823"
        ],
        "name": "CVE-2014-7823",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6469\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6469"
        ],
        "name": "CVE-2014-6469",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-331",
        "details": [
            "It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.",
            "It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2626\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2626"
        ],
        "name": "CVE-2017-2626",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.",
            "A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Liu Wei (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7841\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7841"
        ],
        "name": "CVE-2014-7841",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125->CWE-787",
        "details": [
            "The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \\0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.",
            "An integer underflow flaw leading to out-of-bounds memory access was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened."
        ],
        "upstream_fix": "php 5.4.41, php 5.6.9, php 5.5.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4021\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4021"
        ],
        "name": "CVE-2015-4021",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-01-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.",
            "A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Sun Baoliang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1421\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1421"
        ],
        "name": "CVE-2015-1421",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17024\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17024\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024"
        ],
        "name": "CVE-2019-17024",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-120",
        "details": [
            "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8140\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8140\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8140",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.",
            "An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3917\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3917"
        ],
        "name": "CVE-2014-3917",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4449\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4449"
        ],
        "name": "CVE-2016-4449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11070\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11070"
        ],
        "name": "CVE-2019-11070",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.",
            "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0794"
        ],
        "name": "CVE-2016-0794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc."
        ],
        "upstream_fix": "poppler 0.76.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-21009\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-21009"
        ],
        "name": "CVE-2018-21009",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage."
        ],
        "upstream_fix": "ImageMagick 6.9.10-36, ImageMagick 7.0.8-36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16709\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16709"
        ],
        "name": "CVE-2019-16709",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.",
            "If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "upstream_fix": "procps-ng 3.3.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1122\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1122\nhttps://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        ],
        "name": "CVE-2018-1122",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.5",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5748\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5748"
        ],
        "name": "CVE-2018-5748",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers in t2p_process_jpeg_strip(). Reported as MSVR 35098, aka \"t2p_process_jpeg_strip heap-buffer-overflow.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9536\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9536"
        ],
        "name": "CVE-2016-9536",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7935\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7935"
        ],
        "name": "CVE-2016-7935",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.",
            "A use-after-free vulnerability was found in percpu when using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu(), which triggers the async pcpu_balance_work, and then pcpu_extend_area_map could use a chunk after it has been freed."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4794"
        ],
        "name": "CVE-2016-4794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.",
            "An information leak flaw was found in the Swing component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0407\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0407\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0407",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.",
            "A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys."
        ],
        "upstream_fix": "NetworkManager 1.0.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0764\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0764\nhttps://mail.gnome.org/archives/networkmanager-list/2016-April/msg00000.html"
        ],
        "name": "CVE-2016-0764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
            "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Juraj Somorovsky as the original reporter.",
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2107\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2107\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2107",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.",
            "A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-2929\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2929"
        ],
        "name": "CVE-2013-2929",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort."
        ],
        "upstream_fix": "389-ds-base 1.3.8.7, 389-ds-base 1.4.0.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10935\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10935"
        ],
        "name": "CVE-2018-10935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.",
            "A flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0470\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0470\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0470",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.",
            "It was discovered that the atl2_probe() function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 as the suspected driver does not advertise the scatter-gather feature, whose presence is essential for the flaw.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, namely the [atl2] Ethernet driver, which is the only driver affected. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Justin Yackoski (Cryptonite) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2117\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2117"
        ],
        "name": "CVE-2016-2117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11711\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11711\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711"
        ],
        "name": "CVE-2019-11711",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-909",
        "details": [
            "It was found that cockpit before version 184 used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash.",
            "It was found that cockpit used glib's base64 decode functionality incorrectly resulting in a denial of service attack. An unauthenticated attacker could send a specially crafted request with an invalid base64-encoded cookie which could cause the web service to crash."
        ],
        "statement": "Red Hat Enterprise Linux (RHEL) ships binary packages built from the cockpit source RPM, which was affected by this flaw and subsequently updated to address the issue.\nAll OpenShift Container Platform (OCP) versions to date ship with an image that contains a cockpit-kubernetes RPM, built separately from the same cockpit SRPM. The cockpit-kubernetes RPM is not affected by this vulnerability as it does not contain the affected code, thus OCP is also marked \"not affected\". Updates for all other cockpit RPMs should be applied from the appropriate RHEL channels.",
        "upstream_fix": "cockpit 184",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3804\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3804\nhttps://github.com/cockpit-project/cockpit/pull/10819"
        ],
        "name": "CVE-2019-3804",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.",
            "A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P4, bind 9.9.8-S6, bind 9.9.8-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1285\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1285\nhttps://kb.isc.org/article/AA-01352"
        ],
        "name": "CVE-2016-1285",
        "mitigation": {
            "value": "Restrict access to the control channel (by using the \"controls\" configuration statement in named.conf) to allow connection only from trusted systems.\nNote that if no \"controls\" statement is present, named defaults to allowing control channel connections only from localhost (127.0.0.1 and ::1) if and only if the file rndc.key exists in the configuration directory and contains valid key syntax. If rndc.key is not present and no \"controls\" statement is present in named.conf, named will not accept commands on the control channel.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16646"
        ],
        "name": "CVE-2018-16646",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file."
        ],
        "upstream_fix": "ImageMagick 7.0.8-41, ImageMagick 6.9.10-41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14981\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14981"
        ],
        "name": "CVE-2019-14981",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "An issue was discovered in ZZIPlib 0.13.68. There is a memory leak triggered in the function zzip_mem_disk_new in memdisk.c, which will lead to a denial of service attack.",
            "A memory leak was found in unzip-mem.c and unzzip-mem.c of ZZIPlib, up to v0.13.68, that could lead to resource exhaustion. Local attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
        ],
        "upstream_fix": "zziplib 0.13.69",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7727\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7727"
        ],
        "name": "CVE-2018-7727",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.",
            "It was discovered that the StAX XML parser in the JAXP component in OpenJDK performed expansion of external parameter entities even when external entity substitution was disabled. A remote attacker could use this flaw to perform an XML eXternal Entity (XXE) attack against applications using the StAX parser to parse untrusted XML documents."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6517\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6517\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6517",
        "csaw": false
    },
    {
        "public_date": "2022-06-02T00:00:00Z",
        "cwe": "CWE-416",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
        ],
        "statement": "Red Hat Product Security does not consider this to be a vulnerability.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1966\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1966"
        ],
        "name": "CVE-2022-1966",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5405\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405"
        ],
        "name": "CVE-2017-5405",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.",
            "A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9322\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9322"
        ],
        "name": "CVE-2014-9322",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
            "A flaw was found in bind. An assertion failure can occur when a specially crafted query is received for a zone signed with an RSA key. BIND must be compiled with \"--enable-native-pkcs11\" for the system to be affected. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Lyu Chiy as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8623\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8623\nhttps://kb.isc.org/docs/cve-2020-8623"
        ],
        "name": "CVE-2020-8623",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The \"OpenID Connect Relying Party and OAuth 2.0 Resource Server\" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an \"AuthType oauth20\" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.",
            "It was found that mod_auth_openidc did not properly sanitize HTTP headers for certain request paths. A remote attacker could potentially use this flaw to bypass authentication and access sensitive information by sending crafted HTTP requests."
        ],
        "upstream_fix": "mod_auth_openidc 2.1.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6413\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6413\nhttps://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6"
        ],
        "name": "CVE-2017-6413",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.",
            "A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability."
        ],
        "statement": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19807\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19807"
        ],
        "name": "CVE-2019-19807",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.0.35, mariadb 10.3.7, mariadb 5.5.60, mariadb 10.2.15, mariadb 10.1.33, mysql 5.5.61, mysql 5.6.41, mysql 5.7.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2767\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2767"
        ],
        "name": "CVE-2018-2767",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.",
            "A flaw was found in allocate_trace_buffer in kernel/trace/trace.c in the debug subsystem: when allocation of a dynamic percpu area fails, a resource cleanup is called. The pointer (buf->buffer) still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a dangling pointer issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18595\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18595"
        ],
        "name": "CVE-2017-18595",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.",
            "A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.",
        "upstream_fix": "samba 4.3.11, samba 4.4.5, samba 4.2.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2119"
        ],
        "name": "CVE-2016-2119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-06T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385->CWE-200",
        "details": [
            "An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.\nOn January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.\nMicrosoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.",
            "A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1125\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1125"
        ],
        "csaw": true,
        "name": "CVE-2019-1125",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.",
            "A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nFuture kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8884\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8884"
        ],
        "name": "CVE-2014-8884",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.",
            "It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system() or popen() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary commands with elevated privileges."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "sudo 1.8.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7032\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7032\nhttps://www.sudo.ws/alerts/noexec_bypass.html"
        ],
        "name": "CVE-2016-7032",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.",
            "It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service."
        ],
        "upstream_fix": "Tomcat 6.0.43, Tomcat 7.0.55, JBossWeb 7.4.6.Final",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0227\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0227\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
        ],
        "name": "CVE-2014-0227",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 3.5.28, squid 4.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000024\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000024"
        ],
        "name": "CVE-2018-1000024",
        "mitigation": {
            "value": "A workaround for this issue is to not use the internal ESI parser, which can be achieved by adding either the \"esi_parser expat\" or \"esi_parser libxml2\" configuration directive to the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17100\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17100"
        ],
        "name": "CVE-2018-17100",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long."
        ],
        "upstream_fix": "wireshark 2.2.16, wireshark 2.6.2, wireshark 2.4.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14368\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14368\nhttps://www.wireshark.org/security/wnpa-sec-2018-40.html"
        ],
        "name": "CVE-2018-14368",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
            "The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data."
        ],
        "upstream_fix": "Python 3.4.3, Python 2.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9365\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9365"
        ],
        "name": "CVE-2014-9365",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.",
            "A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8177\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8177"
        ],
        "name": "CVE-2014-8177",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.",
            "A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Python security response team for reporting this issue.",
        "upstream_fix": "python 3.4.9, python 3.6.5rc1, python 3.7.0, python 3.5.6, python 2.7.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1060\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
        ],
        "name": "CVE-2018-1060",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-59",
        "details": [
            "Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have other unspecified impact on arbitrary files via a symlink attack on (1) /var/tmp/abrt/*/maps, (2) /tmp/jvm-*/hs_error.log, (3) /proc/*/exe, (4) /etc/os-release in a chroot, or (5) an unspecified root directory related to librpm.",
            "It was found that ABRT was vulnerable to multiple race condition and symbolic link flaws. A local attacker could use either of these flaws to potentially escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the abrt package as shipped with Red Hat Enterprise Linux 6 and 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3315\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3315\nhttp://www.openwall.com/lists/oss-security/2015/04/14/4"
        ],
        "name": "CVE-2015-3315",
        "mitigation": {
            "value": "It is recommended to disable abrt via the following command line, till the flaws have been resolved:\nsysctl -w kern.core_pattern=core\nNote: This will reset, if abrt is re-started.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10090\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10090"
        ],
        "name": "CVE-2017-10090",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.",
            "It was found that the Archive::Tar module did not properly sanitize symbolic links when extracting tar archives. An attacker, able to provide a specially crafted archive for processing, could use this flaw to write or overwrite arbitrary files in the context of the Perl interpreter."
        ],
        "upstream_fix": "perl-Archive-Tar 2.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12015\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12015"
        ],
        "name": "CVE-2018-12015",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.",
            "A vulnerability was found in libarchive.  A specially crafted TAR file could trigger an out-of-bounds read, potentially causing the application to disclose a small amount of application memory."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8924\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8924"
        ],
        "name": "CVE-2015-8924",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Damian Poddebniak as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12398\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12398\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398"
        ],
        "name": "CVE-2020-12398",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7576\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7576"
        ],
        "name": "CVE-2019-7576",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5731\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5731\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        ],
        "name": "CVE-2017-5731",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",
            "It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3509\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3509",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000077\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000077\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000077",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4911\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4911\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4911",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",
            "A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "php 5.6.8, php 5.5.24, php 5.4.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4603\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4603"
        ],
        "name": "CVE-2015-4603",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-120|CWE-121|CWE-122)",
        "details": [
            "Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Sebastian Hengst, Tom Ritter, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7810\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7810\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810"
        ],
        "name": "CVE-2017-7810",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2805\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2805",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004."
        ],
        "upstream_fix": "mercurial 4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13346\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13346"
        ],
        "name": "CVE-2018-13346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "libical 2.0.0, Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11703\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11703\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11703",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 7.0.8-13, ImageMagick 6.9.10-13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18024\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18024"
        ],
        "name": "CVE-2018-18024",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6360\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6360"
        ],
        "name": "CVE-2015-6360",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4473\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4473\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-79.html"
        ],
        "name": "CVE-2015-4473",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5127\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5127"
        ],
        "name": "CVE-2018-5127",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.",
            "A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user."
        ],
        "upstream_fix": "mariadb 10.0.28, mariadb 10.1.18, mariadb 5.5.52, mysql 5.7.15, mysql 5.6.33, mysql 5.5.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6663\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6663\nhttps://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.txt"
        ],
        "name": "CVE-2016-6663",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.",
            "An off-by-one error leading to a crash was discovered in openldap's processing of DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses."
        ],
        "acknowledgement": "This issue was discovered by Matt Rogers (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8182\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8182"
        ],
        "name": "CVE-2014-8182",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.",
            "A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18559\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18559\nhttps://blogs.securiteam.com/index.php/archives/3731"
        ],
        "name": "CVE-2018-18559",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125->CWE-200",
        "details": [
            "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.",
            "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "python 2.7.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7185\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7185"
        ],
        "name": "CVE-2014-7185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ophir LOJKINE as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12392\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12392\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392"
        ],
        "name": "CVE-2020-12392",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5451\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5451\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5451"
        ],
        "name": "CVE-2017-5451",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.",
            "A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14495\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14495\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14495"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8844\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8844\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8844",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.",
            "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12190\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12190"
        ],
        "name": "CVE-2017-12190",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
            "A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30761\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30761\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30761",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2583"
        ],
        "name": "CVE-2020-2583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.",
            "An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14494\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14494"
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3990\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3990"
        ],
        "name": "CVE-2016-3990",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
            "A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data."
        ],
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2109\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2109\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2109",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-200|CWE-125)",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.",
            "A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available.",
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27364\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27364"
        ],
        "name": "CVE-2021-27364",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required; its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In tcpdump 4.9.2, a stack-based buffer over-read exists in the print_prefix function of print-hncp.c via crafted packet data because of missing initialization."
        ],
        "statement": "This issue affects the versions of tcpdump as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of tcpdump as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19519\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19519"
        ],
        "name": "CVE-2018-19519",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8820\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8820\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8820",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7848\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7848\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848"
        ],
        "name": "CVE-2017-7848",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.",
            "A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844)."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2004-2771\nhttps://nvd.nist.gov/vuln/detail/CVE-2004-2771"
        ],
        "name": "CVE-2004-2771",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2735\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2735\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2735",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-27T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.",
            "A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem."
        ],
        "upstream_fix": "Kernel 5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22942\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22942"
        ],
        "name": "CVE-2022-22942",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module vmwgfx onto the system until we have a fix available. This can be done by a blacklist mechanism and ensures the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/speculativeexecution",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5753\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5753\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5753"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5205\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5205"
        ],
        "name": "CVE-2017-5205",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Buffer over-read in fr_dhcp_decode_suboptions()\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10987\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10987\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10987",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-138",
        "details": [
            "vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.",
            "A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim."
        ],
        "upstream_fix": "vim 8.0.0056",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1248\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1248"
        ],
        "name": "CVE-2016-1248",
        "mitigation": {
            "value": "Disabling modeline support in .vimrc by adding \"set nomodeline\" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yan as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2722\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
        ],
        "name": "CVE-2015-2722",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash."
        ],
        "acknowledgement": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue.",
        "upstream_fix": "jasper 2.0.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9600\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9600"
        ],
        "name": "CVE-2016-9600",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-29T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",
            "A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10207\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10207"
        ],
        "name": "CVE-2019-10207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-667",
        "details": [
            "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.",
            "The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
        ],
        "statement": "The Red Hat Enterprise Linux 7  kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (ie the incomplete fix for CVE-2019-1159) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, ie backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches.",
        "acknowledgement": "This issue was discovered by Vladis Dronov (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14898\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14898\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1790\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
        ],
        "name": "CVE-2019-14898",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.",
            "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for  Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by David Jorm (Red Hat Product Security).",
        "upstream_fix": "tomcat 6.0.41, tomcat 7.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0075\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0075"
        ],
        "name": "CVE-2014-0075",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.",
            "A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8779"
        ],
        "name": "CVE-2015-8779",
        "mitigation": {
            "value": "Do not use applications which call catopen with unbounded strings.  The catopen function is rarely used.  Typical application usage involves passing a short, constant string to catopen, so most applications are not affect even if they call catopen.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6237\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6237\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-6237",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\\\.|([^\\\\\\\\W_])?)+)+$/."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3217\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3217"
        ],
        "name": "CVE-2015-3217",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.",
            "A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled  hosts running Linux guests."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost",
        "acknowledgement": "Red Hat would like to thank Peter Pi (Tencent Blade Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14835\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\nhttps://www.openwall.com/lists/oss-security/2019/09/17/1"
        ],
        "csaw": true,
        "name": "CVE-2019-14835",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.)  Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jan-Ivar Bruaroey as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6812\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6812\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812"
        ],
        "name": "CVE-2020-6812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P4, bind 9.10.3-P4, bind 9.9.8-S6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1286\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1286\nhttps://kb.isc.org/article/AA-01353"
        ],
        "name": "CVE-2016-1286",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-338",
        "details": [
            "The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.",
            "It was found that ntpd automatically generated weak keys for its internal use if no ntpdc request authentication key was specified in the ntp.conf configuration file. A remote attacker able to match the configured IP restrictions could guess the generated key, and possibly use it to send ntpdc query or configuration requests."
        ],
        "upstream_fix": "ntp 4.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9293\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9293\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#Weak_default_key_in_config_auth\nhttps://access.redhat.com/articles/1305723"
        ],
        "name": "CVE-2014-9293",
        "mitigation": {
            "value": "Issue these commands to explicitly generate a strong key and add it to the\nntpd configuration:\necho trustedkey 65535 >> /etc/ntp.conf\nprintf \"65535\\tM\\t%s\\n\" $(tr -cd a-zA-Z0-9 < /dev/urandom | head -c 16) >> /etc/ntp/keys\nThe generated key has about 95 bits of entropy.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges.",
            "It was discovered that the abrt-action-install-debuginfo-to-abrt-cache helper program did not properly filter the process environment before invoking abrt-action-install-debuginfo. A local attacker could use this flaw to escalate their privileges on the system."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3159\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3159"
        ],
        "name": "CVE-2015-3159",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.",
            "An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0797\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121->CWE-400",
        "details": [
            "Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0161\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0161\nhttps://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html"
        ],
        "name": "CVE-2019-0161",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.",
            "A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Benkocs Norbert Attila as the original reporter.",
        "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.1.16, postgresql 9.0.20, postgresql 9.2.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3165\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3165"
        ],
        "name": "CVE-2015-3165",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luigi Gubello as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11730\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730"
        ],
        "name": "CVE-2019-11730",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8687\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8687\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8687",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10281\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10281"
        ],
        "name": "CVE-2017-10281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 4.0.23, squid 3.5.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000027\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000027"
        ],
        "name": "CVE-2018-1000027",
        "mitigation": {
            "value": "A workaround for this issue is to set the \"log_uses_indirect_client off\" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files. Version 1.1.31 and older are believed to be affected.",
            "A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. If reposync is running with heightened privileges on a targeted system, this flaw could potentially result in system compromise via the overwriting of critical system files."
        ],
        "statement": "Red Hat Enterprise Virtualization includes reposync as a component from the base Enterprise Linux system. It is not used by virtualization or management components, and it is not generally useful to mirror untrusted repositories to either Hypervisor or Management Appliance. For Red Hat Enterprise Virtualization, this issue affects only unlikely configurations and thus is rated as Moderate.",
        "acknowledgement": "Red Hat would like to thank Aaron Levy (Clover Network) and Jay Grizzard (Clover Network) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10897\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10897"
        ],
        "name": "CVE-2018-10897",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4262\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4262\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4262",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8100\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8100\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8100",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.",
            "A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14659\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14659"
        ],
        "name": "CVE-2018-14659",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2978\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2978"
        ],
        "name": "CVE-2019-2978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-456->(CWE-416|CWE-822)",
        "details": [
            "An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13113\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13113"
        ],
        "name": "CVE-2020-13113",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The dissect_spdu function in epan/dissectors/packet-ses.c in the SES dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not initialize a certain ID value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "upstream_fix": "wireshark 1.10.10, wireshark 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6428\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6428\nhttps://www.wireshark.org/security/wnpa-sec-2014-18.html"
        ],
        "name": "CVE-2014-6428",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11040\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11040"
        ],
        "name": "CVE-2020-11040",
        "mitigation": {
            "value": "The flaw can be mitigated by not running the freerdp client with the /gfx connection modes and/or not connecting to untrusted or compromised rdp servers.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-25, ImageMagick 7.0.8-25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7398\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7398"
        ],
        "name": "CVE-2019-7398",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.",
            "A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows the check in 'chmod' to be bypassed."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.\nThis flaw was fixed in the Red Hat products as a part of the CVE-2016-7097 fix.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5551"
        ],
        "name": "CVE-2017-5551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.",
            "A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9131\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9131\nhttps://kb.isc.org/article/AA-01439"
        ],
        "name": "CVE-2016-9131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626->CWE-22",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed.",
            "It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.5.1, ruby 2.3.7, ruby 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8780\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8780\nhttps://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"
        ],
        "name": "CVE-2018-8780",
        "mitigation": {
            "value": "It is possible to test for presence of the NULL byte manually prior to calling a Dir method with an untrusted string.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"/CN=\" string in a field in a certificate, as demonstrated by \"/OU=/CN=bar.com/CN=foo.com.\"",
            "It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 5.5.47, mariadb 10.0.23, mysql 5.7.11, mysql 5.5.48, mysql 5.6.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2047\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2047\nhttp://www.openwall.com/lists/oss-security/2016/01/26/3"
        ],
        "name": "CVE-2016-2047",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.* This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges R (Zero Day LLC) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12393\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12393\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393"
        ],
        "name": "CVE-2018-12393",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
        ],
        "statement": "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
        "upstream_fix": "bootstrap 4.1.2, bootstrap 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14040\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14040"
        ],
        "name": "CVE-2018-14040",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Root Object as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5144\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5144\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5144"
        ],
        "name": "CVE-2018-5144",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4266\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4266\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4266",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5486\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5486"
        ],
        "name": "CVE-2017-5486",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.",
            "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.\nThis issue affects the versions of the Linux kernel as shipped with 6, 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Miklos Szeredi (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15121\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15121"
        ],
        "name": "CVE-2017-15121",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.",
            "An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Ramos and Robert Dugal as the original reporters.",
        "upstream_fix": "openssl 1.0.0m, openssl 1.0.1h, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0292\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0292\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0292",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a height of zero is mishandled.",
            "A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a height of zero mishandle error. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13297\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13297"
        ],
        "name": "CVE-2019-13297",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20481\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20481"
        ],
        "name": "CVE-2018-20481",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-07T11:35:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.",
            "A heap-based buffer overflow flaw was found in the opj_t1_clbl_decode_processor in openjpeg2. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8112\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8112"
        ],
        "name": "CVE-2020-8112",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16750\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16750"
        ],
        "name": "CVE-2018-16750",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.",
            "It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior."
        ],
        "upstream_fix": "http-parser 2.8.1, nodejs 8.11.0, nodejs 9.10.0, nodejs 4.9.0, nodejs 6.14.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7159\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7159"
        ],
        "name": "CVE-2018-7159",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",
            "It was discovered that the \"setElementTypePrefix()\" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service."
        ],
        "statement": "When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.",
        "upstream_fix": "expat 2.2.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20843\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20843\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"
        ],
        "name": "CVE-2018-20843",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges ca0nguyen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1960\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1960\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-23.html"
        ],
        "name": "CVE-2016-1960",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7930\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7930"
        ],
        "name": "CVE-2016-7930",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.",
            "It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0901\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0901\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0901",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.",
            "Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 0.9.8zd, OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8275\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8275\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-8275",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted TIFF image to the (1) checkInkNamesString function in tif_dir.c in the thumbnail tool, (2) compresscontig function in tiff2bw.c in the tiff2bw tool, (3) putcontig8bitCIELab function in tif_getimage.c in the tiff2rgba tool, LZWPreDecode function in tif_lzw.c in the (4) tiff2ps or (5) tiffdither tool, (6) NeXTDecode function in tif_next.c in the tiffmedian tool, or (7) TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8127\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8127"
        ],
        "name": "CVE-2014-8127",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
            "It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "statement": "This issue affects the versions of python-twisted as shipped with Red Hat Satellite 6.x. However due to the manner in which python-twisted is used exploitation of this issue by an attacker would require significant access to the server, or be able to modify requests from other users via additional vulnerabilities. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1000111\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000111"
        ],
        "name": "CVE-2016-1000111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
            "A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic."
        ],
        "statement": "This issue affects the version of openssl and nss libraries as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7. More information about this flaw is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c4 and https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c5.\nRed Hat Enterprise Linux 4 is in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 4.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4000\nhttps://access.redhat.com/articles/1456263\nhttps://weakdh.org/"
        ],
        "csaw": true,
        "name": "CVE-2015-4000"
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.",
            "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1737\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1737"
        ],
        "name": "CVE-2014-1737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16427\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16427\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16427",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.",
            "A flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "upstream_fix": "kernel 4.17-rc3, kernel 4.17-rc1, kernel 4.16-rc7, kernel 4.16, kernel 4.17-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1087\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1087\nhttps://access.redhat.com/security/vulnerabilities/pop_ss"
        ],
        "csaw": true,
        "name": "CVE-2018-1087"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.",
            "It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities."
        ],
        "statement": "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of httpd24-curl as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Craig de Stigter as the original reporter.",
        "upstream_fix": "curl 7.58.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000007\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000007\nhttps://curl.haxx.se/docs/adv_2018-b3bf.html"
        ],
        "name": "CVE-2018-1000007",
        "mitigation": {
            "value": "By default, curl and libcurl will not follow redirect requests.\nThis flaw happens only when curl or libcurl are explicitly requested to follow redirects (option --location in curl, and CURLOPT_FOLLOWLOCATION in libcurl).\nTo mitigate this, it is possible to prevent the automated following of redirects, replacing it by manual redirects (and remove the authentication header), for example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because Only local users with privileges to access the sock_dgram Bluetooth socket can trigger this issue.",
        "acknowledgement": "Red Hat would like to thank Likang Luo (NSFOCUS Security Team) for reporting this issue.",
        "upstream_fix": "kernel 5.15.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3752\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3752\nhttps://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/\nhttps://www.openwall.com/lists/oss-security/2021/09/15/4"
        ],
        "name": "CVE-2021-3752",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7188\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7188\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-122.html"
        ],
        "name": "CVE-2015-7188",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.",
            "It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5 as they lack support for sysenter instruction emulation.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.\nPlease note that the Red Hat Enterprise Linux with KVM certified guest operating\nsystems do initialize the SYSENTER MSRs and are thus not vulnerable to\nthis issue when running on KVM hypervisor.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0239\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0239"
        ],
        "name": "CVE-2015-0239",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542."
        ],
        "upstream_fix": "pcre2 10.22, pcre 8.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3191\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3191"
        ],
        "name": "CVE-2016-3191",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16."
        ],
        "upstream_fix": "libarchive 3.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14503\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14503"
        ],
        "name": "CVE-2017-14503",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
        ],
        "acknowledgement": "Red Hat would like to thank Andrea Palazzo (Truel IT) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4806\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4806\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4654\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4654"
        ],
        "name": "CVE-2014-4654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.",
            "A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4171"
        ],
        "name": "CVE-2014-4171",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.",
            "A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Important, and a future update may address this flaw.",
        "upstream_fix": "gnupg2 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12020\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12020\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html"
        ],
        "name": "CVE-2018-12020",
        "mitigation": {
            "value": "This flaw can be mitigated by appending the --no-verbose command line flag.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3894\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3894\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3894",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "This issue was discovered by Mark Gray (Red Hat) and Sabrina Dubroca (Red Hat).",
        "upstream_fix": "Linux kernel 5.9-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25645\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25645"
        ],
        "name": "CVE-2020-25645",
        "mitigation": {
            "value": "A possible workaround for this flaw is to configure IPsec for all traffic between the endpoints, instead of specifically for the UDP port used by the GENEVE tunnels. If GENEVE tunnels are not used, this flaw will not be triggered. In that case, it is possible to disable those tunnels, by unloading the \"geneve\" kernel module and blacklisting it (See https://access.redhat.com/solutions/41278 for a\nguide on how to blacklist modules).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6511\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6511\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2816"
        ],
        "name": "CVE-2019-2816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.",
            "Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose portion of its memory or crash."
        ],
        "upstream_fix": "php 5.4.40, php 5.5.24, php 5.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4600\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4600"
        ],
        "name": "CVE-2015-4600",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8638\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8638\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-03.html"
        ],
        "name": "CVE-2014-8638",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
            "A memory leak was discovered in the systemd-login when a power-switch event is received. A physical attacker may trigger one of these events and leak bytes due to a missing free."
        ],
        "statement": "The version of systemd delivered in OpenShift Container Platform 4.1 and included in CoreOS images has been superseded by the version delivered in Red Hat Enterprise Linux 8. CoreOS updates for systemd in will be consumed from Red Hat Enterprise Linux 8 channels.",
        "upstream_fix": "systemd 243",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20386\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20386"
        ],
        "name": "CVE-2019-20386",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "Wireshark 1.10.13, Wireshark 1.12.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2191\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2191"
        ],
        "name": "CVE-2015-2191",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0456\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0456\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0456",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The XWD image (X Window System window dumping file) parsing component in ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) in ReadXWDImage in coders/xwd.c by crafting a corrupted XWD image file, a different vulnerability than CVE-2019-11472."
        ],
        "upstream_fix": "ImageMagick 6.9.10-41, ImageMagick 7.0.8-41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15139\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15139"
        ],
        "name": "CVE-2019-15139",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10274\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10274"
        ],
        "name": "CVE-2017-10274",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10193\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10193"
        ],
        "name": "CVE-2017-10193",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.",
            "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5428\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5428\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428"
        ],
        "name": "CVE-2017-5428",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4252\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4252\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.",
            "A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6214\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6214"
        ],
        "name": "CVE-2017-6214",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1578\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1578\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-77.html"
        ],
        "name": "CVE-2014-1578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9278\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9278"
        ],
        "name": "CVE-2019-9278",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.",
            "A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14654\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14654"
        ],
        "name": "CVE-2018-14654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.",
            "An information leak flaw was found in the way QEMU's RTL8139 emulation implementation processed network packets under RTL8139 controller's C+ mode of operation. An unprivileged guest user could use this flaw to read up to 65 KB of uninitialized QEMU heap memory."
        ],
        "statement": "This issue affects the versions of kvm and xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7.\nThis issue affects the Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.\nThis issue affects the Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank Xen project for reporting this issue. Upstream acknowledges Donghai Zhu (Alibaba) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5165\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5165\nhttp://xenbits.xen.org/xsa/advisory-140.html"
        ],
        "name": "CVE-2015-5165",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
            "It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7141\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7141\nhttps://curl.haxx.se/docs/adv_20160907.html"
        ],
        "name": "CVE-2016-7141",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4181\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4181"
        ],
        "name": "CVE-2018-4181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-200",
        "details": [
            "fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.",
            "A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem."
        ],
        "statement": "This is a possible information leak of data that existed in the extent tree blocks.  While the attacker does not have control of what exists in the blocks prior to this point they may be able to glean confidential information or possibly information that could be used to further another attack.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11833\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11833"
        ],
        "name": "CVE-2019-11833",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"",
            "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having Important security impact. Updates for each affected version are in progress and will be released as soon as possible.\nShipping versions of Fedora are affected and Fedora is aware of this flaw.\nFor additional information about this flaw, please see https://access.redhat.com/security/vulnerabilities/2706661",
        "acknowledgement": "Red Hat would like to thank Phil Oester for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5195\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5195"
        ],
        "csaw": true,
        "name": "CVE-2016-5195",
        "mitigation": {
            "value": "Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",
            "A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17133"
        ],
        "name": "CVE-2019-17133",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.",
            "The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR."
        ],
        "upstream_fix": "kernel 4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14140\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14140"
        ],
        "name": "CVE-2017-14140",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.",
            "It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record."
        ],
        "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2653"
        ],
        "name": "CVE-2014-2653",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.",
            "A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application."
        ],
        "acknowledgement": "Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue.",
        "upstream_fix": "kauth 5.34, kdelibs 4.14.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8422\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8422\nhttp://seclists.org/oss-sec/2017/q2/240\nhttps://www.kde.org/info/security/advisory-20170510-1.txt"
        ],
        "name": "CVE-2017-8422",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via a crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE TABLE statement.",
            "It was found that SQLite's sqlite3VdbeExec() function did not properly implement comparison operators. A local attacker could submit a specially crafted CHECK statement that would crash the SQLite process, or have other unspecified impacts."
        ],
        "upstream_fix": "SQLite 3.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3415\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3415"
        ],
        "name": "CVE-2015-3415",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13082\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13082\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13082",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation."
        ],
        "upstream_fix": "freetype 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9382\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9382"
        ],
        "name": "CVE-2015-9382",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2663\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2663"
        ],
        "name": "CVE-2018-2663",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 8 because we don't ship openldap-servers subpackage with the Red Hat Enterprise Linux 8  (it is only present in the buildroot).",
        "upstream_fix": "openldap 2.4.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12243\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12243"
        ],
        "name": "CVE-2020-12243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.",
            "It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.4.1, samba 4.3.7, samba 4.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2113\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2113\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2113",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.",
            "It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server."
        ],
        "statement": "All MySQL and MariaDB packages in Red Hat Enterprise Linux and Red Hat Software Collections install the my.cnf configuration file in /etc as root-owned and not writeable to mysqld's mysql user. This default configuration stops the published exploit for this issue.\nAll MySQL and MariaDB packages for Red Hat Enterprise Linux 7 (either those directly included in Red Hat Enterprise Linux 7 or from Red Hat Software Collections for Red Hat Enterprise Linux 7) run mysqld_safe with mysql user privileges and not root privileges, limiting the potential impact to code execution as mysql system user.\nThe MySQL 5.1 packages in Red Hat Enterprise Linux 6 do not implement support for library preloading, completely preventing the remote attack vector used by the published exploit.\nFor additional details, refer to:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1375198#c12",
        "upstream_fix": "mariadb 5.5.51, mariadb 10.0.27, mariadb 10.1.17, mysql 5.5.52, mysql 5.7.15, mysql 5.6.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6662\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6662\nhttps://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.txt"
        ],
        "name": "CVE-2016-6662",
        "mitigation": {
            "value": "- Ensure all MySQL / MariaDB configuration files are not writeable to the mysql user. This is the default configuration in Red Hat products.\n- Ensure that non-administrative database users are not granted FILE privilege. Applications accessing data in MySQL / MariaDB databases, including web application potentially vulnerable to SQL injections, should use database accounts with the lowest privileges required.\n- If FILE permission needs to be granted to some non-administrative database users, use secure_file_priv setting to limit where files can be written to or read from.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7938\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7938"
        ],
        "name": "CVE-2016-7938",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.59, mariadb 10.2.13, mariadb 10.0.34, mariadb 10.1.31, mysql 5.5.59, mysql 5.7.21, mysql 5.6.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2622\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2622\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        ],
        "name": "CVE-2018-2622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM."
        ],
        "upstream_fix": "mariadb 10.0.24, mariadb 10.1.12, mariadb 5.5.48, mysql 5.6.29, mysql 5.7.11, mysql 5.5.48",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0641\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0641\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.",
            "An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8778\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8778"
        ],
        "name": "CVE-2015-8778",
        "mitigation": {
            "value": "Do not use any applications which call hcreate or hcreate_r with a large size argument.\nThese functions are used only rarely, and most callers supply a constant argument.  Other applications calculate the size argument in such a way that the error condition cannot be triggered.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"",
            "It was found that polkit-qt handled authorization requests with PolicyKit via a D-Bus API that is vulnerable to a race condition. A local user could use this flaw to bypass intended PolicyKit authorizations."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5033\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5033"
        ],
        "name": "CVE-2014-5033",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17042\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17042"
        ],
        "name": "CVE-2019-17042",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR."
        ],
        "upstream_fix": "mariadb 10.0.26, mariadb 10.1.15, mariadb 5.5.50, mysql 5.5.50, mysql 5.6.31, mysql 5.7.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5440\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5440\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-5440",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7932\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7932"
        ],
        "name": "CVE-2016-7932",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12264\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12264"
        ],
        "name": "CVE-2018-12264",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerri Rice as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5410\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410"
        ],
        "name": "CVE-2017-5410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.",
            "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult."
        ],
        "statement": "This is a glibc-side mitigation. For a related kernel mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000364 .",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000366\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000366\nhttps://access.redhat.com/security/vulnerabilities/stackguard\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000366"
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",
            "An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled."
        ],
        "statement": "Upstream has released additional information about this flaw. Details available at: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tobias Klein as the original reporter.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8617\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8617\nhttps://kb.isc.org/docs/cve-2020-8617"
        ],
        "name": "CVE-2020-8617",
        "mitigation": {
            "value": "BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. Upstream recommends using a random value in session-keyname as a workaround. This can be added to the named.conf configuration file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.",
            "A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel and kernel-rt updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2666\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2666"
        ],
        "name": "CVE-2015-2666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2601\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges."
        ],
        "upstream_fix": "mariadb 5.5.46, mariadb 10.0.22, mariadb 10.1.8, mysql 5.5.46, mysql 5.6.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4830\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4830",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.",
            "A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6 because we do not provide support for Transactional Memory on Power PC architecture.\nThis issue does not affect Red Hat Enterprise MRG 2 because we do not support Power PC architecture.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2673"
        ],
        "name": "CVE-2014-2673",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
            "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object; later, this reference is transferred to the caller's file descriptor table. If such a file descriptor were to be closed, the reference count of the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6974\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6974"
        ],
        "name": "CVE-2019-6974",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86."
        ],
        "statement": "Fuse 6.3 and 7 standalone distributions ship but do not use tomcat, and as such are not affected by this flaw; however, Fuse Integration Services 2.0 and Fuse 7 on OpenShift provide the affected artifacts via their respective maven repositories, and will provide fixes for this issue in a future release.",
        "upstream_fix": "tomcat 8.0.52, tomcat 8.5.31, tomcat 9.0.8, tomcat 7.0.88",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1336\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1336"
        ],
        "name": "CVE-2018-1336",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB."
        ],
        "upstream_fix": "mariadb 10.0.23, mariadb 5.5.47, mariadb 10.1.10, mysql 5.7.10, mysql 5.6.28, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0600\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0600\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0600",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command."
        ],
        "upstream_fix": "jasper 1.900.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8693\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8693"
        ],
        "name": "CVE-2016-8693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.",
            "A flaw was found in the way Wget handled symbolic links. A malicious FTP server could allow Wget running in the mirror mode (using the '-m' command line option) to write an arbitrary file to a location writable by the user running Wget, possibly leading to code execution."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank GNU Wget project for reporting this issue.",
        "upstream_fix": "wget 1.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4877\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4877"
        ],
        "name": "CVE-2014-4877",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.4.7, mariadb 5.5.65, mariadb 10.2.26, mariadb 10.1.41, mariadb 10.3.17, mariadb-connector-c 3.1.3, mysql 8.0.19, mysql 5.6.48, mysql 5.7.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2922\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2922\nhttps://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL"
        ],
        "name": "CVE-2020-2922",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.",
            "A buffer overflow flaw was found in the way flac decoded FLAC audio files. An attacker could create a specially crafted FLAC audio file that could cause an application using the flac library to crash or execute arbitrary code when the file was read."
        ],
        "upstream_fix": "flac 1.3.1pre1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9028\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9028"
        ],
        "name": "CVE-2014-9028",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the \"redir_stack\" issue.",
            "It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code."
        ],
        "statement": "A patch for this issue was applied to the bash packages in Red Hat Enterprise Linux via RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312. The errata do not mention the CVE in the description, as the CVE was only assigned after those updates were released.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7186"
        ],
        "name": "CVE-2014-7186",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded."
        ],
        "statement": "Red Hat OpenStack will consume fixes from the base Red Hat Enterprise Linux Operating System. Therefore the package provided by Red Hat OpenStack has been marked as will not fix.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11068\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11068"
        ],
        "name": "CVE-2019-11068",
        "mitigation": {
            "value": "This flaw only applies to applications compiled against libxml2 which use xsltCheckRead and xsltCheckWrite functions and/or allow users to load arbitrary URLs to be parsed via libxml2. In all other cases, applications are not vulnerable.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8977\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8977"
        ],
        "name": "CVE-2018-8977",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-190->CWE-122",
        "details": [
            "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.",
            "It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce a heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine."
        ],
        "statement": "This issue affects the versions of systemd-networkd as shipped with Red Hat Enterprise Linux 7, however the package is available only through the unsupported Optional repository and it cannot be exploited unless the interface is explicitly configured to use DHCP.\nThis issue affects the versions of NetworkManager as shipped with Red Hat Enterprise Linux 7 because the package includes some parts of the systemd-networkd code, which present the same vulnerability. NetworkManager is vulnerable to this flaw only when configured to use the internal DHCP, which is not the default. However, when it is, the flaw may be triggered by a connection where either ipv6.method is set to dhcp or it is set to auto, which is the default value.",
        "acknowledgement": "Red Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15688\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15688"
        ],
        "name": "CVE-2018-15688",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10360\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10360"
        ],
        "name": "CVE-2018-10360",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An off-by-one error within the \"LibRaw::kodak_ycbcr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.",
            "A heap-based out-of-bounds access flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images."
        ],
        "upstream_fix": "LibRaw 0.18.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5800\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5800\nhttps://packetstormsecurity.com/files/146172/secunia-libraw.txt"
        ],
        "name": "CVE-2018-5800",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.",
            "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10927\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10927"
        ],
        "name": "CVE-2018-10927",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes:\n1. gluster server should be on LAN and not reachable from public networks.\n2. Use gluster auth.allow and auth.reject.\n3. Use TLS certificates to authenticate gluster clients.\nCaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3289\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3289"
        ],
        "name": "CVE-2017-3289",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.",
            "An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7569\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7569"
        ],
        "name": "CVE-2018-7569",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-25T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.",
            "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.  An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw.\nSystems with less than 32GB of memory are very unlikely to be affected by this issue due to memory demands during exploitation.\nThis issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14634\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14634\nhttps://access.redhat.com/security/vulnerabilities/mutagen-astronomy\nhttps://www.openwall.com/lists/oss-security/2018/09/25/4"
        ],
        "name": "CVE-2018-14634",
        "mitigation": {
            "value": "To mitigate the issue:\nEnable and install kernel-debuginfo packages as per https://access.redhat.com/solutions/666123\n1) On the host, save the following in a file with the \".stp\" extension:\n// CVE-2018-14634\n//\n// Theory of operations: adjust the thread's # rlimit-in-effect around\n// calls to the vulnerable get_arg_page() function so as to encompass\n// the newly required _STK_LIM / 4 * 3 maximum.\n// Complication: the rlimit is stored in a current-> structure that\n// is shared across the threads of the process.  They may concurrently\n// invoke this operation.\nfunction clamp_stack_rlim_cur:long ()\n%{\nstruct rlimit *rlim = current->signal->rlim;\nunsigned long rlim_cur = READ_ONCE(rlim[RLIMIT_STACK].rlim_cur);\nunsigned long limit = _STK_LIM / 4 * 3;\nlimit *= 4; // multiply it back up, to the scale used by rlim_cur\nif (rlim_cur > limit) {\nWRITE_ONCE(rlim[RLIMIT_STACK].rlim_cur, limit);\nSTAP_RETURN(limit);\n} else\nSTAP_RETURN(0);\n%}\nprobe kernel.function(\"copy_strings\").call\n{\nl = clamp_stack_rlim_cur()\nif (l)\nprintf(\"lowered process %s(%d) STACK rlim_cur to %p\\n\",\nexecname(), pid(), l)\n}\nprobe begin {\nprintf(\"CVE-2018-14634 mitigation loaded\\n\")\n}\nprobe end {\nprintf(\"CVE-2018-14634 mitigation unloaded\\n\")\n}\n2) Install the \"systemtap\" package and any required dependencies. Refer\nto the \"2. 
Using SystemTap\" chapter in the Red Hat Enterprise Linux\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com,\nfor information on installing the required -debuginfo and matching kernel-devel packages\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting\nkernel module to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on\nthe affected systems. Please notice that the kernel version must be the same\nacross all systems.\nThis may not be a suitable workaround if your application uses massive amounts of stack space. Please consider this if there are any adverse affects when running this mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF."
        ],
        "statement": "This issue affects the versions of libjpeg as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of libjpeg-turbe as shipped with Red Hat Enterprise Linux 6 and 7. However, the problem is limited to the \"cjpeg\" utility and does not affect the library itself.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11813\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11813"
        ],
        "name": "CVE-2018-11813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcin 'Icewall' Noga (Cisco Talos) as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12405\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        ],
        "name": "CVE-2020-12405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).",
            "A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service."
        ],
        "upstream_fix": "webkitgtk 2.28.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11793\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11793\nhttps://webkitgtk.org/security/WSA-2020-0004.html"
        ],
        "name": "CVE-2020-11793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.",
            "A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7  and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6526\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6526"
        ],
        "name": "CVE-2015-6526",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
            "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
        ],
        "upstream_fix": "Kernel 6.4-rc6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1118\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1118"
        ],
        "name": "CVE-2018-1118",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).",
            "A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and 6 and kernel-alt.\nThis issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by ChunYu Wang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15116"
        ],
        "name": "CVE-2017-15116",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.",
            "A flaw was found in the way the libuser library handled the /etc/passwd file. A local attacker could use an application compiled against libuser (for example, userhelper) to manipulate the /etc/passwd file, which could result in a denial of service or possibly allow the attacker to escalate their privileges to root."
        ],
        "statement": "This issue affects the versions of libuser as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This vulnerability has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3246\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3246\nhttps://access.redhat.com/articles/1537873"
        ],
        "csaw": true,
        "name": "CVE-2015-3246",
        "mitigation": {
            "value": "Add pam_warn and pam_deny rules to /etc/pam.d/chfn and /etc/pam.d/chsh to prevent non-root users from using this functionality.  With these edits, the files should contain:\nauth       sufficient   pam_rootok.so\nauth required pam_warn.so\nauth required pam_deny.so\nauth       include      system-auth\naccount    include      system-auth\npassword   include      system-auth\nsession    include      system-auth\nAfter these changes, attempts by unprivileged users to use chfn and chsh (and the respective functionality in the userhelper program) will fail, and will be logged (by default in /var/log/secure).",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue."
        ],
        "upstream_fix": "tomcat 9.0.9, tomcat 7.0.89, tomcat 8.5.32, tomcat 8.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8014\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8014\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9"
        ],
        "name": "CVE-2018-8014",
        "mitigation": {
            "value": "When using the CORS filter, it is recommended to configure it explicitly for your environment.  In particular, the combination of `cors.allowed.origins = *` and `cors.support.credentials = True` should be avoided as this  can leave your application vulnerable to cross-site scripting (XSS). For details on configuring CORS filter, please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.10-6, ImageMagick 7.0.8-6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16640\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16640"
        ],
        "name": "CVE-2018-16640",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-11-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.",
            "It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8172\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8172"
        ],
        "name": "CVE-2014-8172",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 prior to 7.5 as they did not include the vulnerable code.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17282\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17282"
        ],
        "name": "CVE-2018-17282",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.",
            "It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2143\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2143"
        ],
        "name": "CVE-2016-2143",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.",
            "A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5, and 6. These versions do not include the JSON module.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.3.5, ruby 2.4.2, ruby 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14064\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14064\nhttps://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"
        ],
        "name": "CVE-2017-14064",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8559"
        ],
        "name": "CVE-2019-8559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253",
        "details": [
            "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7796"
        ],
        "name": "CVE-2016-7796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",
            "An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nNote:- Impact on Red Hat Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7222\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7222"
        ],
        "name": "CVE-2019-7222",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8610\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8610\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8610",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-665->CWE-335",
        "details": [
            "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
            "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM."
        ],
        "acknowledgement": "Red Hat would like to thank the Python Security Response Team for reporting this issue.",
        "upstream_fix": "python 3.7.1, python 3.6.7, python 2.7.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14647\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14647\nhttps://bugs.python.org/issue34623"
        ],
        "name": "CVE-2018-14647",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
            "A use-after-free flaw was found in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSC_FSC flag set, has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4623\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4623\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
        ],
        "name": "CVE-2023-4623",
        "mitigation": {
            "value": "To mitigate this issue, blacklist the sch_hfsc module to prevent it from being loaded automatically.\n~~~\nhttps://access.redhat.com/solutions/41278\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.",
            "A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8788\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8788"
        ],
        "name": "CVE-2018-8788",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5386\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386"
        ],
        "name": "CVE-2017-5386",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
            "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5548\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5548"
        ],
        "name": "CVE-2016-5548",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-09T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-131->CWE-787",
        "details": [
            "A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "statement": "To trigger this issue, the user needs some privileges (for example, access to the sysctl files), but usually less than root or CAP_NET_ADMIN.",
        "upstream_fix": "kernel 6.0.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4378\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4378\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch\nhttps://seclists.org/oss-sec/2022/q4/178"
        ],
        "name": "CVE-2022-4378",
        "mitigation": {
            "value": "A possible workaround is preventing regular users from accessing sysctl files (such as /proc/sys/net/ipv4/tcp_rmem and similar), and preventing users from increasing privileges with commands such as \"unshare -rn\" (which allows obtaining the net namespace privileges required to access /proc/sys/net/ipv4/tcp_rmem).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.",
            "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1738\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1738"
        ],
        "name": "CVE-2014-1738",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.",
            "An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0636"
        ],
        "name": "CVE-2016-0636",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-134",
        "details": [
            "Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2490\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2490\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2490",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5472\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5472"
        ],
        "name": "CVE-2014-5472",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-12-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.",
            "A flaw was found in Pallets Jinja prior to version 2.8.1 that allows sandbox escape. Python's string format method added to strings can be used to discover potentially dangerous values including configuration values. The highest threat from this vulnerability is to data confidentiality and integrity as well as system integrity."
        ],
        "statement": "* Red Hat OpenStack Platform is not affected by this flaw. All supported versions ship python-jinja2 packages which have already been fixed.\n* Red Hat Satellite 6 will receive fixes through the underlying Red Hat Enterprise Linux, so it will not issue updates to its own affected package.\n* Red Hat Update Infrastructure is not affected because its packaged versions of python-jinja2 do not use the Sandbox feature, nor does it allow untrusted jinja2 templates.\n* Red Hat Virtualization Management Appliance includes python-jinja2 as a dependency of ovirt-engine-backend, which only uses it with controlled format strings that are not exploitable.\n* Red Hat Ceph Storage 2 and 3 are affected by this flaw as it contains the vulnerable code and will get security fixes for python-jinja2 from Red Hat Enterprise Linux 7 channel.",
        "upstream_fix": "python-jinja2 2.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10745\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10745\nhttps://palletsprojects.com/blog/jinja-281-released/"
        ],
        "name": "CVE-2016-10745",
        "mitigation": {
            "value": "If you don't want or you cannot upgrade Jinja2, you can override the `is_safe_attribute` method on the sandbox and explicitly disallow all `format` attributes on strings.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11705\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11705\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11705",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.",
            "A flaw was found in the way PCRE handled certain malformed regular expressions. This issue could cause an application (for example, Konqueror) linked against PCRE to crash while parsing malicious regular expressions."
        ],
        "upstream_fix": "pcre 8.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8964\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8964"
        ],
        "name": "CVE-2014-8964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.",
            "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application."
        ],
        "statement": "This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6040\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6040"
        ],
        "name": "CVE-2014-6040",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first."
        ],
        "upstream_fix": "ImageMagick 6.9.10-41, ImageMagick 7.0.8-41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11472\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11472"
        ],
        "name": "CVE-2019-11472",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16548\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16548"
        ],
        "name": "CVE-2018-16548",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "chromium-browser 70.0.3538.67",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17466\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17466\nhttps://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2018-17466",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",
            "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6306\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6306\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6306",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7150\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7150"
        ],
        "name": "CVE-2019-7150",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000156\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000156"
        ],
        "name": "CVE-2018-1000156",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2822\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2822\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-52.html"
        ],
        "name": "CVE-2016-2822",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.",
            "A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-28374\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28374"
        ],
        "name": "CVE-2020-28374",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-90->CWE-476",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5729\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5729"
        ],
        "name": "CVE-2018-5729",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2794\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14973\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14973"
        ],
        "name": "CVE-2019-14973",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.",
            "An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.",
        "upstream_fix": "389-ds-base 1.3.5.17, 389-ds-base 1.3.6.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2668\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2668"
        ],
        "name": "CVE-2017-2668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-125",
        "details": [
            "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9657\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9657"
        ],
        "name": "CVE-2014-9657",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5261\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5261\nhttps://www.mozilla.org/security/advisories/mfsa2016-75/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5261",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.",
            "A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash."
        ],
        "statement": "This issue does not affect the version of openssl097a as shipped with Red Hat Enterprise Linux 5. This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 0.9.8zd, OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3571\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3571\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3571",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7828\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7828\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828"
        ],
        "name": "CVE-2017-7828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.",
            "A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions."
        ],
        "statement": "Red Hat Enterprise Linux 5 ships with both bind (9.3) packages which are not affected by this issue, and bind97 packages, which are affected by this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future bind97 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.9.7, BIND 9.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1349\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1349\nhttps://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html"
        ],
        "name": "CVE-2015-1349",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue does not affect the file, php, or php53 packages in Red Hat Enterprise Linux 5 and 6. This issue affects the file package in Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0207\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0207"
        ],
        "name": "CVE-2014-0207",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
            "A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process."
        ],
        "acknowledgement": "Red Hat would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11806\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11806"
        ],
        "name": "CVE-2018-11806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 3.5.15, squid 4.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2569\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2569",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.",
            "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
        ],
        "statement": "This issue affects the version of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Ben Serebrin (Google Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5307\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5307"
        ],
        "name": "CVE-2015-5307",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6463\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6463"
        ],
        "name": "CVE-2014-6463",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
        ],
        "statement": "This flaw is related to the design of the RC4 protocol and not its implementation. Therefore there are no plans to correct this issue in Red Hat Enterprise Linux 5, 6 and 7. Future updates may disable the use of RC4 in various components.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2808\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2808\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf"
        ],
        "name": "CVE-2015-2808",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
            "An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-31436\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31436\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d"
        ],
        "name": "CVE-2023-31436",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module, sch_qfq from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
        ],
        "statement": "This flaw only exhibits itself when:\n1. OpenSSL is used to display details of a local or a remote certificate.\n2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.\nThe maximum impact of this flaw is garbled information being displayed, there is no impact on the availability of service using such a certificate. Also this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssl 1.0.2m, openssl 1.1.0g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3735\nhttps://www.openssl.org/news/secadv/20170828.txt"
        ],
        "name": "CVE-2017-3735",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-09-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jan de Mooij as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1562\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1562\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-67.html"
        ],
        "name": "CVE-2014-1562",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11439\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11439"
        ],
        "name": "CVE-2018-11439",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15862\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15862"
        ],
        "name": "CVE-2018-15862",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-05-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.",
            "An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller (FDC) handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest."
        ],
        "statement": "This issue affects the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and 7, and the versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.",
        "acknowledgement": "Red Hat would like to thank Jason Geffner (CrowdStrike) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3456\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3456\nhttp://venom.crowdstrike.com/\nhttp://xenbits.xen.org/xsa/advisory-133.html\nhttps://access.redhat.com/articles/1444903\nhttps://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
        ],
        "csaw": true,
        "name": "CVE-2015-3456"
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "upstream_fix": "firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17008\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17008\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008"
        ],
        "name": "CVE-2019-17008",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.",
            "It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system.\nNote: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation."
        ],
        "acknowledgement": "Red Hat would like to thank Graham Dumpleton for reporting this issue. Upstream acknowledges Róbert Kisteleki as the original reporter.",
        "upstream_fix": "mod_wsgi 3.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0240\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0240"
        ],
        "name": "CVE-2014-0240",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow remote DNS servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted DNS record, related to the dns_get_record function and the dn_expand function.  NOTE: this issue exists because of an incomplete fix for CVE-2014-4049.",
            "Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record() function to perform a DNS query."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "This issue was discovered by David Kutálek (Red Hat BaseOS QE).",
        "upstream_fix": "php 5.5.16, php 5.4.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3597\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3597"
        ],
        "name": "CVE-2014-3597",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use insufficient interpreter stack-size checking during error handling to crash the interpreter.",
            "It was discovered that ghostscript did not properly handle certain stack overflow error conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16542\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16542"
        ],
        "name": "CVE-2018-16542",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",
            "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application."
        ],
        "statement": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "libxml2 2.9.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14404\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14404"
        ],
        "name": "CVE-2018-14404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8813\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8813",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0384\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0384\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-0384",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5730\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5730"
        ],
        "name": "CVE-2018-5730",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c.",
            "A memory leak was discovered in ImageMagick in the XMagickCommand function in animate.c file. An array of strings, named filelist, is allocated on the heap but not released in case the function ExpandFilenames returns an error code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13153\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13153"
        ],
        "name": "CVE-2018-13153",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-331->CWE-200",
        "details": [
            "In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.",
            "A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe a weak IP ID generation in this field to track Linux devices."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10638\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10638\nhttps://arxiv.org/pdf/1906.10478.pdf"
        ],
        "name": "CVE-2019-10638",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
            "It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used a weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3539\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3539\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3539",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2h, openssl 1.0.1t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2105\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2105\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2105",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and hook into the begin and end tag event handlers. In both cases, the \"open\" event is immediately followed by a \"close\" event - even if the tag *does not* close in the HTML being parsed. Because of this, we are missing the \"text\" event to deal with the object normally. This can cause carefully crafted emails that might take more scan time than expected leading to a Denial of Service. The issue is possibly a bug or design decision in HTML::Parser that specifically impacts the way Apache SpamAssassin uses the module with poorly formed html. The exploit has been seen in the wild but not believed to have been purposefully part of a Denial of Service attempt. We are concerned that there may be attempts to abuse the vulnerability in the future.",
            "A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing the delivery of email."
        ],
        "upstream_fix": "spamassassin 3.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15705\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15705\nhttps://mail-archives.apache.org/mod_mbox/spamassassin-announce/201809.mbox/raw/%3Cc57c0f41-742c-3c3e-249c-ae2614bf0d7d%40apache.org%3E/"
        ],
        "name": "CVE-2017-15705",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
            "A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania), and Yuval Yarom (University of Adelaide and NICTA) as the original reporters.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0702\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0702\nhttp://cachebleed.info/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0702",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. This could lead to a crash of the GnuTLS server application.",
            "A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash."
        ],
        "acknowledgement": "This issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7507\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7507\nhttps://www.gnutls.org/security.html#GNUTLS-SA-2017-4"
        ],
        "name": "CVE-2017-7507",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-454",
        "details": [
            "In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.",
            "A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would unintentionally install, thus executing the malicious code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue affects the versions of kdelibs as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14744\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14744\nhttps://kde.org/info/security/advisory-20190807-1.txt"
        ],
        "name": "CVE-2019-14744",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4489\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4489\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4489",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.",
            "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6591\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6591\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6591",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.",
            "It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved)."
        ],
        "statement": "This issue affects the version of subversion as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Apache Software Foundation for reporting this issue.",
        "upstream_fix": "Subversion 1.7.21, Subversion 1.8.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3187\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3187\nhttp://subversion.apache.org/security/CVE-2015-3187-advisory.txt"
        ],
        "name": "CVE-2015-3187",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8814\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8814",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618.",
            "A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail."
        ],
        "statement": "This issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of procmail as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16844\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16844"
        ],
        "name": "CVE-2017-16844",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.",
            "It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "upstream_fix": "php 5.4.40, php 5.6.8, php 5.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3411\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3411"
        ],
        "name": "CVE-2015-3411",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (infinite loop or out-of-bounds memory access) via a vector that (1) has zero length or (2) is too long.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "upstream_fix": "php 5.5.13, php 5.4.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0238\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0238"
        ],
        "name": "CVE-2014-0238",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
            "The Linux kernel is vulnerable to a use-after-free flaw when the Transformation User configuration interface (CONFIG_XFRM_USER) compile-time configuration option is enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16939\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16939"
        ],
        "name": "CVE-2017-16939",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.",
            "It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."
        ],
        "acknowledgement": "Red Hat would like to thank The LibreOffice project for reporting this issue. Upstream acknowledges Alex Inführ as the original reporter.",
        "upstream_fix": "libreoffice 6.1.3, libreoffice 6.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16858\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16858\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"
        ],
        "name": "CVE-2018-16858",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.",
            "A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.",
        "upstream_fix": "nss 3.19.4, nss 3.19.2.1, nss 3.20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7182\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7182\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7182",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "The jabber_idn_validate function in jutil.c in the Jabber protocol plugin in libpurple in Pidgin before 2.10.10 allows remote attackers to obtain sensitive information from process memory via a crafted XMPP message.",
            "An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message."
        ],
        "acknowledgement": "Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Paul Aurich and Thijs Alkemade as the original reporters.",
        "upstream_fix": "pidgin 2.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3698\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3698"
        ],
        "name": "CVE-2014-3698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.",
            "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
        ],
        "statement": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
        "upstream_fix": "tomcat 6.0.48, tomcat 7.0.73, tomcat 8.5.8, tomcat 8.0.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6816\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6816\nhttps://access.redhat.com/articles/2991951\nhttps://access.redhat.com/solutions/2891171\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
        ],
        "name": "CVE-2016-6816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "statement": "This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from 1.0.0 to 1.0.1e).  The issue was introduced upstream in versions 0.9.8o and 1.0.0a.",
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3507\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3507\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3507",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.",
            "It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Ondrej Kozina (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7042\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7042"
        ],
        "name": "CVE-2016-7042",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12363\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12363\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12363"
        ],
        "name": "CVE-2018-12363",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.",
            "A vulnerability was found in hiddev_open in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddev_list cleanup occurs at failure, as this may lead to a use-after-free problem, or possibly escalate privileges to an unauthorized user."
        ],
        "statement": "This issue is rated as Moderate because of the need of physical access to the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19527\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19527"
        ],
        "name": "CVE-2019-19527",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file."
        ],
        "acknowledgement": "Red Hat would like to thank Aladdin Mubaied for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3616\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3616"
        ],
        "name": "CVE-2016-3616",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-306",
        "details": [
            "firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.",
            "A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings."
        ],
        "upstream_fix": "firewalld 0.4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5410\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5410"
        ],
        "name": "CVE-2016-5410",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Owen, Bogdan Tara, Boris Zbarsky, Calixte Denizet, Christian Holler, Gary Kwong, Jason Kratzer, Jed Davis, Philipp, Raul Gurzau, Raymond Forbes, Ronald Crane, Taegeon Lee, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12390\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12390\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390"
        ],
        "name": "CVE-2018-12390",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0488\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0488",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Herre as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2731\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2731\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-63.html"
        ],
        "name": "CVE-2015-2731",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7749\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7749\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749"
        ],
        "name": "CVE-2017-7749",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12360\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12360\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12360"
        ],
        "name": "CVE-2018-12360",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.24. Incorrect \"restoration of privilege\" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction.",
            "It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document."
        ],
        "statement": "This issue did affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. \nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16509\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16509\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "csaw": true,
        "name": "CVE-2018-16509",
        "mitigation": {
            "value": "* ImageMagick relies on ghostscript when processing certain files formats. Thus, ImageMagick can be used as an attack vector. In order to prevent ImageMagick from processing those files on Red Hat Enterprise Linux 6 and 7, you can disable the use of ghostscript and the processing of PS, EPS, PDF, and XPS file formats in ImageMagick's security policy by opening /etc/ImageMagick/policy.xml and adding the following lines to the \"<policymap>\" section of the file:\n```\n<policy domain=\"coder\" rights=\"none\" pattern=\"PS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PDF\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"XPS\" />\n<policy domain=\"delegate\" rights=\"none\" pattern=\"gs\" />\n```\n* Additionally, this issue can be triggered when processing files in order to generate thumbnails, for example when browsing a folder containing a malicious PostScript file in Nautilus. To prevent this, remove or rename the \"/usr/bin/evince-thumbnailer\" executable.\nIn Red Hat Enterprise Linux v.7.6 and above, the thumbnailing is done in a sandbox.\n* It is possible to run PDF/PS viewers, such as evince and okular, in a SELinux sandbox using the `sandbox` command from the policycoreutils-sandbox package :\n$ sandbox -X evince <untrusted-file.pdf>\nThe sandbox will prevent an attacker to make modifications on the file system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.",
            "The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17558\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17558"
        ],
        "name": "CVE-2017-17558",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-04T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.",
            "A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system."
        ],
        "statement": "This issue requires access to a DAX enabled storage.\nThis issue affects Red Hat Enterprise Linux 7 kernels starting with kernel-3.10.0-862, that is Red Hat Enterprise Linux 7.5 GA kernel. Red Hat Enterprise Linux 7 kernels prior to that version are not affected as they did not include the functionality that enabled this issue to be exploited.\nRed Hat Product Security is aware of this issue. Updates will be released as they become available.",
        "acknowledgement": "Red Hat would like to thank Fan Yang for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10757\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10757\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9\nhttps://www.openwall.com/lists/oss-security/2020/06/04/4"
        ],
        "name": "CVE-2020-10757",
        "mitigation": {
            "value": "Do not use DAX enabled storage.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9077\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9077"
        ],
        "name": "CVE-2017-9077",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.",
            "A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3153\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3153"
        ],
        "name": "CVE-2014-3153",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
            "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet."
        ],
        "upstream_fix": "tomcat 6.0.47, tomcat 8.5.5, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6796\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.",
            "A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries).  The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page()."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4913\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4913"
        ],
        "name": "CVE-2016-4913",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8688\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8688\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8688",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
            "A security flaw was found in the Linux kernel in the mark_source_chains() function in \"net/ipv4/netfilter/ip_tables.c\". It is possible for a user-supplied \"ipt_entry\" structure to have a large \"next_offset\" field. This field is not bounds checked prior to writing to a counter value at the supplied offset."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This issue is not currently planned to be addressed in future updates, as user namespaces which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3134\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3134"
        ],
        "name": "CVE-2016-3134",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in ghostscript, versions 9.x before 9.50, in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14813"
        ],
        "name": "CVE-2019-14813",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.",
            "A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11176\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11176"
        ],
        "name": "CVE-2017-11176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",
            "A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root."
        ],
        "statement": "This vulnerability exists in the samba server, client side packages are not affected.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7494\nhttps://www.samba.org/samba/security/CVE-2017-7494.html"
        ],
        "csaw": true,
        "name": "CVE-2017-7494",
        "mitigation": {
            "value": "Any of the following:\n1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit\n2. Mount the filesystem which is used by samba for its writable share using \"noexec\" option.\n3. Add the parameter:\nnt pipe support = no\nto the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts."
        ],
        "statement": "This issue affects the versions of uriparser as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "uriparser 0.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19198\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19198"
        ],
        "name": "CVE-2018-19198",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.",
            "A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14868\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14868"
        ],
        "name": "CVE-2019-14868",
        "mitigation": {
            "value": "No known mitigation available.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726."
        ],
        "statement": "This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the vulnerable code.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10963\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10963"
        ],
        "name": "CVE-2018-10963",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.",
            "A double free flaw was found in the way JasPer parsed ICC color profiles in JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "upstream_fix": "jasper 1.900.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8137\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8137\nhttp://www.ocert.org/advisories/ocert-2014-012.html"
        ],
        "name": "CVE-2014-8137",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.",
            "An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not."
        ],
        "acknowledgement": "This issue was discovered by Martin Basti (Red Hat) and Petr Spacek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4992\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4992\nhttps://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1"
        ],
        "name": "CVE-2016-4992",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2579\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2579"
        ],
        "name": "CVE-2018-2579",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5254\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5254\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-70.html"
        ],
        "name": "CVE-2016-5254",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.",
            "An array-indexing error was discovered in the png_convert_to_rfc1123() function of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7981\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7981"
        ],
        "name": "CVE-2015-7981",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.64, mariadb 10.4.5, mariadb 10.3.15, mariadb 10.2.24, mariadb 10.1.39, mysql 8.0.16, mysql 5.6.44, mysql 5.7.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2614\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2614\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        ],
        "name": "CVE-2019-2614",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000075\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000075\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000075",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14578\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14578"
        ],
        "name": "CVE-2020-14578",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18493\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18493\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493"
        ],
        "name": "CVE-2018-18493",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5439\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5439\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5439"
        ],
        "name": "CVE-2017-5439",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-10T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.",
            "A flaw was discovered in the Bluetooth protocol.  An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9506\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9506"
        ],
        "name": "CVE-2019-9506",
        "mitigation": {
            "value": "At this time there is no known mitigation if bluetooth hardware is to be continue to be used.   Replacing the hardware with its wired version and disabling bluetooth may be a suitable alternative for some environments.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.",
            "A flaw was found in the way certain error conditions were handled by bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application."
        ],
        "acknowledgement": "Red Hat would like to thank Hans Jerry Illikainen for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5399\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5399"
        ],
        "name": "CVE-2016-5399",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7801\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7801\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7801"
        ],
        "name": "CVE-2017-7801",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code."
        ],
        "statement": "The versions of memcached as shipped with Red Hat OpenStack Platform 7, 8 and 9 are affected by this issue however will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.",
        "upstream_fix": "memcached 1.4.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8704\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8704\nhttp://www.talosintelligence.com/reports/TALOS-2016-0219/"
        ],
        "name": "CVE-2016-8704",
        "mitigation": {
            "value": "This flaw is in the memcached binary protocol. If you client programs only use the ASCII protocol when communicating with memcached, you can disable the binary protocol and protect against this flaw by adding \"-B ascii\" to OPTIONS in /etc/sysconfig/memcached.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2641"
        ],
        "name": "CVE-2018-2641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8735\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8735\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8735",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.",
            "A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6410\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6410"
        ],
        "name": "CVE-2014-6410",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.",
            "It was found that the system umask policy is not being honored when creating XDG user directories (~/Desktop etc) on first login. This could lead to user's files being inadvertently exposed to other local users."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15131\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15131"
        ],
        "name": "CVE-2017-15131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7924\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7924"
        ],
        "name": "CVE-2016-7924",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Swan and Rob Wu as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12395\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12395\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395"
        ],
        "name": "CVE-2018-12395",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-43, ImageMagick 7.0.8-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16713\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16713"
        ],
        "name": "CVE-2019-16713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.",
            "A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy() procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System availability is the largest threat from the vulnerability, however data integrity and confidentiality are also threatened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19530\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19530\nhttp://seclists.org/oss-sec/2019/q4/115\nhttp://www.openwall.com/lists/oss-security/2019/12/03/4\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
        ],
        "name": "CVE-2019-19530",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
            "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials."
        ],
        "upstream_fix": "python-requests 2.20.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18074\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18074"
        ],
        "name": "CVE-2018-18074",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11044\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11044"
        ],
        "name": "CVE-2020-11044",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a \"state machine confusion bug.\"",
            "A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9083\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9083"
        ],
        "name": "CVE-2016-9083",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "glibc 2.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10739\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10739"
        ],
        "name": "CVE-2016-10739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3150\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3150"
        ],
        "name": "CVE-2018-3150",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",
            "A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream, causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso and Javier Marcos as the original reporters.",
        "upstream_fix": "firefox 68.6.1, firefox 74.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6820\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6820\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820"
        ],
        "name": "CVE-2020-6820",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER.",
            "It was found that the forceput operator could be extracted from the DefineResource method. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constraints imposed by -dSAFER."
        ],
        "acknowledgement": "This issue was discovered by Cedric Buissart (Red Hat).",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3838\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3838\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700576"
        ],
        "name": "CVE-2019-3838",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.",
            "A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possibly exhaust all memory and create a denial of service situation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Qian Cai (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9685\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9685"
        ],
        "name": "CVE-2016-9685",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.",
            "It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document."
        ],
        "upstream_fix": "libreoffice 5.1.6, libreoffice 5.2.5, libreoffice 5.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3157\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3157\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/"
        ],
        "name": "CVE-2017-3157",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.2",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.",
            "An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3633\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3633"
        ],
        "name": "CVE-2014-3633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).",
            "Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3265\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3265"
        ],
        "name": "CVE-2017-3265",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.",
            "It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of rh-ruby24-ruby.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.3.5, ruby 2.2.8, ruby 2.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14033\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14033\nhttps://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/"
        ],
        "name": "CVE-2017-14033",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-807",
        "details": [
            "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.",
            "A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000367\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000367\nhttps://access.redhat.com/security/vulnerabilities/3059071\nhttps://www.sudo.ws/alerts/linux_tty.html"
        ],
        "name": "CVE-2017-1000367",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.",
            "It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and MRG-2. Future Linux kernel updates for the respective releases might address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4312\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4312"
        ],
        "name": "CVE-2013-4312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.",
            "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share."
        ],
        "statement": "This issue affects the version of samba shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann for reporting this issue.",
        "upstream_fix": "samba 4.8.11, samba 4.9.6, samba 4.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3880\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3880\nhttps://www.samba.org/samba/security/CVE-2019-3880.html"
        ],
        "name": "CVE-2019-3880",
        "mitigation": {
            "value": "Either turn off SMB1 by setting the global parameter:\n'min protocol = SMB2'\nor if SMB1 is required turn off unix extensions by setting the global parameter:\n'unix extensions = no'\nin the smb.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "GNU wget before 1.18 allows remote servers to write to arbitrary files by redirecting a request from HTTP to a crafted FTP resource.",
            "It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to an FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client."
        ],
        "acknowledgement": "Red Hat would like to thank the GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4971\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4971"
        ],
        "name": "CVE-2016-4971",
        "mitigation": {
            "value": "Use wget with \"-O\" option to explicitly specify the output filename.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.",
            "A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8501\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8501"
        ],
        "name": "CVE-2014-8501",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0457\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0457\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0457",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.",
            "A flaw was found in the way \"hg serve --stdio\" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options."
        ],
        "upstream_fix": "mercurial 4.1.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9462\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9462"
        ],
        "name": "CVE-2017-9462",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
            "A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the \"DEFLATE\" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0118\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0118\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0118",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-805",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4500\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4500\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-96/"
        ],
        "name": "CVE-2015-4500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14036\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14036"
        ],
        "name": "CVE-2018-14036",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2738\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2738\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2738",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
            "A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when NF_DROP is issued with a drop error that resembles NF_ACCEPT. The nf_tables component can be exploited to achieve local privilege escalation."
        ],
        "statement": "This flaw is rated as having an Important impact. There is the limitation that it can only be exploited by a local user with access to Netfilter, but can still allow privilege escalation if user namespaces are enabled and Netfilter is being used.",
        "upstream_fix": "kernel 6.8-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1086\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1086\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660\nhttps://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
        ],
        "csaw": true,
        "name": "CVE-2024-1086",
        "mitigation": {
            "value": "1. This flaw can be mitigated by preventing the affected netfilter (nf_tables) kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.\n2. If the module cannot be disabled, on non-containerized deployments of Red Hat Enterprise Linux, the mitigation is to disable user namespaces:\n```\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use the second mitigation (disabling user namespaces) as the functionality is needed to be enabled. The first mitigation (blacklisting nf_tables) is still viable for containerized deployments, providing the environment is not using netfilter.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",
            "A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10196\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10196"
        ],
        "name": "CVE-2016-10196",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-190->CWE-200",
        "details": [
            "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
            "A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
        ],
        "statement": "This flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10911\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10911"
        ],
        "name": "CVE-2018-10911",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4511\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4511\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-105/"
        ],
        "name": "CVE-2015-4511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.",
            "A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."
        ],
        "acknowledgement": "This issue was discovered by Thierry Bordaz (Red Hat).",
        "upstream_fix": "389-ds-base 1.4.0.10, 389-ds-base 1.3.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10850\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10850\nhttps://pagure.io/389-ds-base/issue/49768"
        ],
        "name": "CVE-2018-10850",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
            "A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflow and cause an application crash. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This is essentially a crash which can only be triggered by a non-standard argument passed as a long double input to a member of printf family of functions. The application has to be written in this way to allow this issue to be triggered. The maximum impact is an application crash.",
        "upstream_fix": "glibc 2.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-29573\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29573\nhttps://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
        ],
        "name": "CVE-2020-29573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",
            "It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
        ],
        "acknowledgement": "This issue was discovered by Martin Poole (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15135"
        ],
        "name": "CVE-2017-15135",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-807",
        "details": [
            "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9811\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811"
        ],
        "name": "CVE-2019-9811",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.",
            "An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13094\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13094"
        ],
        "name": "CVE-2018-13094",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-12T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.",
            "A flaw was found in dovecot. An out-of-bounds read flaw was found in the way dovecot handled NTLM authentication allowing an attacker to crash the dovecot auth process repeatedly preventing login. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue.",
        "upstream_fix": "dovecot 2.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12673\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12673\nhttps://dovecot.org/pipermail/dovecot-news/2020-August/000442.html"
        ],
        "name": "CVE-2020-12673",
        "mitigation": {
            "value": "Upstream suggests that this flaw can be mitigated by disabling NTLM authentication. NTLM authentication can be disabled by using the configuration parameter \"auth_mechanisms\". More details available at: https://doc.dovecot.org/configuration_manual/authentication/authentication_mechanisms/",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0453\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0453\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0453",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode out-of-bounds write."
        ],
        "statement": "This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of libtiff as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18557\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18557"
        ],
        "name": "CVE-2018-18557",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser."
        ],
        "upstream_fix": "mariadb 10.0.26, mariadb 5.5.50, mariadb 10.1.15, mysql 5.7.13, mysql 5.5.50, mysql 5.6.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3477\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3477\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-3477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.",
            "An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application."
        ],
        "statement": "This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 and 6 as the flaw was introduced in a later version (1.11).",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9423\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9423\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU)."
        ],
        "upstream_fix": "tcpdump 4.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2153\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2153"
        ],
        "name": "CVE-2015-2153",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.",
            "It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system."
        ],
        "statement": "This issue is not present in the Linux kernel packages as shipped with Red Hat Enterprise Linux versions 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by CAI Qian (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6197\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6197"
        ],
        "name": "CVE-2016-6197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).",
            "Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a \"mcryptd(alg)\" name construct.  This causes mcryptd to crash the kernel if an arbitrary \"alg\" is incompatible and not intended to be used with mcryptd."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw is not present in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10147\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10147"
        ],
        "name": "CVE-2016-10147",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.",
            "It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2112\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2112\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.",
            "A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker with permissions to create tun/tap devices can create a denial of service and panic the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15916\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15916"
        ],
        "name": "CVE-2019-15916",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.",
            "A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Imre Rad (Search-Lab) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0221\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0221\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Off-by-one error in the is_rtsp_request_or_reply function in epan/dissectors/packet-rtsp.c in the RTSP dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers parsing of a token located one position beyond the current position."
        ],
        "upstream_fix": "wireshark 1.12.1, wireshark 1.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6427\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6427\nhttps://www.wireshark.org/security/wnpa-sec-2014-17.html"
        ],
        "name": "CVE-2014-6427",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7926\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7926"
        ],
        "name": "CVE-2016-7926",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7212\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-139.html"
        ],
        "name": "CVE-2015-7212",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
            "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers."
        ],
        "upstream_fix": "httpd 2.4.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10098\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10098\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-10098",
        "mitigation": {
            "value": "This flaw requires the use of certain Rewrite configuration directives.  The following command can be used to search for possible vulnerable configurations:\ngrep -R '^\\s*Rewrite' /etc/httpd/\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-24T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-787",
        "details": [
            "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",
            "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."
        ],
        "statement": "This issue affects the version of the qemu-kvm package as shipped with the Red Hat Enterprise Linux  6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7 and 8 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.",
        "acknowledgement": "Red Hat would like to thank Xiao Wei (360.com) and Ziming Zhang for reporting this issue.",
        "upstream_fix": "QEMU 5.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14364\nhttps://www.openwall.com/lists/oss-security/2020/08/24/2\nhttps://www.openwall.com/lists/oss-security/2020/08/24/3"
        ],
        "name": "CVE-2020-14364",
        "mitigation": {
            "value": "Using Libvirt management interface to manage guest VMs significantly reduces impact of this issue. Libvirt starts each guest process with an unprivileged system user(ex. qemu) privileges and further confines the process with strict sVirt and SELinux policies.\n* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_security_guide/",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5278\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5278\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5278",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.",
            "A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 7 and MRG-2. This issue is not currently planned to be addressed in future Red Hat Enterprise Linux 5 kernel updates.  Future Linux kernel updates for other releases may address this issue.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3339\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3339"
        ],
        "name": "CVE-2015-3339",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8808\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8808\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8808",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled."
        ],
        "statement": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18521\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18521"
        ],
        "name": "CVE-2018-18521",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky, Carsten Book, Christian Holler, David Bolter, Gary Kwong, Jesse Ruderman, Mats Palmgren, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2806\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2806\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4287\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4287"
        ],
        "name": "CVE-2014-4287",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file."
        ],
        "upstream_fix": "libxml2 2.9.6, chromium-browser 63.0.3239.84",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15412\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15412\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2017-15412",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.",
            "An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash."
        ],
        "upstream_fix": "ntp 4.2.8p7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2518\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2518\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security"
        ],
        "name": "CVE-2016-2518",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible for an attacker to bake a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects were subject to this vulnerability.",
            "It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability."
        ],
        "statement": "This issue affects the versions of groovy as shipped with Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship groovy, as such they are not affected by this vulnerability.",
        "upstream_fix": "groovy 2.4.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6814\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6814"
        ],
        "name": "CVE-2016-6814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.",
            "It was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.5.1, ruby 2.3.7, ruby 2.4.4, ruby 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17742\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17742\nhttps://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/"
        ],
        "name": "CVE-2017-17742",
        "mitigation": {
            "value": "The server can manually sanitize possibly untrusted headers prior to inserting them in the reply.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.",
            "A path traversal vulnerability has been discovered in plexus-archiver when extracting a carefully crafted zip file which holds path traversal file names. A remote attacker could use this vulnerability to write files outside the target directory and overwrite existing files with malicious code or vulnerable configurations."
        ],
        "acknowledgement": "Red Hat would like to thank Danny Grander (Snyk) for reporting this issue.",
        "upstream_fix": "plexus-archiver 3.6.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1002200\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1002200\nhttps://snyk.io/research/zip-slip-vulnerability"
        ],
        "name": "CVE-2018-1002200",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.",
            "A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Volker Lendecke (SerNet and the Samba Team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15275\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15275\nhttps://www.samba.org/samba/security/CVE-2017-15275.html"
        ],
        "name": "CVE-2017-15275",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.",
            "A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8737\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8737"
        ],
        "name": "CVE-2014-8737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image."
        ],
        "upstream_fix": "ImageMagick 6.9.10-43, ImageMagick 7.0.8-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16712\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16712"
        ],
        "name": "CVE-2019-16712",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL."
        ],
        "upstream_fix": "mariadb 5.5.39, mariadb 10.0.13, mysql 5.5.39, mysql 5.6.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0391\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0391\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0391",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8768\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8768\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
            "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot)  guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel."
        ],
        "statement": "This issue is rated as having Moderate impact due to the required privileges and hardware dependencies.",
        "acknowledgement": "Red Hat would like to thank Daniel Axtens (IBM) for reporting this issue.",
        "upstream_fix": "kernel 5.10-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27777\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27777\nhttps://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764\nhttps://www.openwall.com/lists/oss-security/2020/10/09/1\nhttps://www.openwall.com/lists/oss-security/2020/11/23/2"
        ],
        "name": "CVE-2020-27777",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.",
            "It was found that when acting as an SSH server, paramiko did not properly check whether authentication is completed before processing other requests. A customized SSH client could use this to bypass authentication when accessing any resources controlled by paramiko."
        ],
        "statement": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure",
        "upstream_fix": "python-paramiko 2.2.3, python-paramiko 2.1.5, python-paramiko 2.4.1, python-paramiko 1.18.5, python-paramiko 2.3.2, python-paramiko 2.0.8, python-paramiko 1.17.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7750\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7750"
        ],
        "name": "CVE-2018-7750",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13033\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13033"
        ],
        "name": "CVE-2018-13033",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.",
            "A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue.\nDue to the full fix (combination of kernel and firmware updates) being invasive and GUC firmware loading being off by default, Red Hat Enterprise Linux kernel versions prior to the Linux kernel version shipped with Red Hat Enterprise Linux 8.4 GA (kernel-4.18.0-305.el8) print a warning in the kernel log (\"GUC firmware is insecure - CVE 2020-12362 - Please update to a newer release to get secure GUC\") and do not rely on the firmware fix. As a result, Red Hat Enterprise Linux versions prior to Red Hat Enterprise Linux 8.4 GA (including Red Hat Enterprise Linux 6 and 7) do not include the updated firmware packages.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12362\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12362"
        ],
        "name": "CVE-2020-12362",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.",
            "It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5, even though the impact is limited.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3690\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3690"
        ],
        "name": "CVE-2014-3690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",
            "The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2, as the code with the flaw is not present or is not built in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17448\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17448"
        ],
        "name": "CVE-2017-17448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21166\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21166\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21166",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.",
            "A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6564\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6564\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6564",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-09-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity."
        ],
        "statement": "This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing `paramiko.ServerInterface`). Where paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.\nThe following Red Hat products use paramiko only in client-side mode. Server side functionality is not used.\n* Red Hat Ansible Engine 2\n* Red Hat Ceph Storage 2\n* Red Hat CloudForms 4\n* Red Hat Enterprise Linux 7\n* Red Hat Enterprise Virtualization\n* Red Hat Gluster Storage 3\n* Red Hat Openshift Container Platform\n* Red Hat Quick Cloud Installer\n* Red Hat Satellite 6\n* Red Hat Storage Console 2\n* Red Hat OpenStack Platform\n* Red Hat Update Infrastructure",
        "upstream_fix": "python-paramiko 2.2.4, python-paramiko 2.4.2, python-paramiko 2.1.6, python-paramiko 2.0.9, python-paramiko 2.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000805\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000805"
        ],
        "name": "CVE-2018-1000805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2800"
        ],
        "name": "CVE-2020-2800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts)."
        ],
        "upstream_fix": "mariadb 10.1.21, mariadb 10.0.29, mariadb 5.5.54, mysql 5.5.54, mysql 5.6.35, mysql 5.7.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3318\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3318\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3318",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.",
            "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise\nLinux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this\nissue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8630\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8630"
        ],
        "name": "CVE-2016-8630",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
            "A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes."
        ],
        "upstream_fix": "kernel 5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2964\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2964"
        ],
        "name": "CVE-2022-2964",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.44, mariadb 10.0.20, mysql 5.6.25, mysql 5.5.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2648\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2648\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-2648",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-4 has a memory leak in ReadMIFFImage in coders/miff.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-5, ImageMagick 6.9.10-5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14436\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14436"
        ],
        "name": "CVE-2018-14436",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2570\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2570\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2570",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7573\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7573"
        ],
        "name": "CVE-2019-7573",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2713\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2713\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-51.html"
        ],
        "name": "CVE-2015-2713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9076\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9076"
        ],
        "name": "CVE-2017-9076",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-24T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",
            "A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor."
        ],
        "acknowledgement": "This issue was discovered by Paolo Bonzini (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2732\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2732"
        ],
        "name": "CVE-2020-2732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.",
            "A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions."
        ],
        "upstream_fix": "openssl 1.0.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3511\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8587\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8587\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8587",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "_XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow."
        ],
        "statement": "This issue affects the versions of libXcursor as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "upstream_fix": "libxcursor 1.1.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9262\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9262"
        ],
        "name": "CVE-2015-9262",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2762\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2762"
        ],
        "name": "CVE-2019-2762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).",
            "It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.4, ruby 2.5.1, ruby 2.2.10, ruby 2.3.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8777\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8777\nhttps://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"
        ],
        "name": "CVE-2018-8777",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter.",
            "It was discovered that the ghostscript device cleanup did not properly handle devices replaced with a null device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16541\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16541\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.",
            "An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12910"
        ],
        "name": "CVE-2018-12910",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1587\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1587\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-83.html"
        ],
        "name": "CVE-2014-1587",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3044\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3044"
        ],
        "name": "CVE-2016-3044",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15693\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15693"
        ],
        "name": "CVE-2019-15693",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0686\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0686\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2618"
        ],
        "name": "CVE-2018-2618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-10T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",
            "A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VT_RESIZEX ioctl. This flaw allows a local user to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36558\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36558\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"
        ],
        "name": "CVE-2020-36558",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code.",
            "A double-free vulnerability was found in Quagga. A BGP peer could send a specially crafted UPDATE message which would cause allocated blocks of memory to be free()d more than once, potentially leading to a crash or other issues."
        ],
        "statement": "Glibc's heap protection mitigations render this issue more difficult to exploit, though bypasses may still be possible.",
        "acknowledgement": "Red Hat would like to thank the Quagga project for reporting this issue.",
        "upstream_fix": "quagga 1.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5379\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5379\nhttps://www.quagga.net/security/Quagga-2018-1114.txt"
        ],
        "name": "CVE-2018-5379",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank The Mozilla Project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7809\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7809\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7809"
        ],
        "name": "CVE-2017-7809",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J has been fixed in SLF4J versions 1.7.26 and later and in the 2.0.x series.",
            "An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution."
        ],
        "statement": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.",
        "acknowledgement": "Red Hat would like to thank Chris McCown for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8088\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8088"
        ],
        "name": "CVE-2018-8088",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.",
            "An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9776\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9776"
        ],
        "name": "CVE-2017-9776",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-08T21:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.",
            "A denial of service flaw was discovered in bind versions that include the \"deny-answer-aliases\" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition."
        ],
        "statement": "The \"deny-answer-aliases\" configuration option is not enabled in default configurations of bind. Upstream states that this option is very rarely used. As such, if customers have not specifically enabled this option in configurations, the risk should be mitigated.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.",
        "upstream_fix": "bind 9.12.2-P1, bind 9.9.13-P1, bind 9.11.3-S3, bind 9.10.8-P1, bind 9.11.4-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5740\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5740\nhttps://kb.isc.org/article/AA-01639/74/CVE-2018-5740"
        ],
        "name": "CVE-2018-5740",
        "mitigation": {
            "value": "Disabling the \"deny-answer-aliases\" configuration option should prevent exploitation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5277\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5277\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5277",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-122",
        "details": [
            "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
            "A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later \"import\" statement could cause a heap overflow, leading to arbitrary code execution."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5636"
        ],
        "name": "CVE-2016-5636",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 10.0.22, mariadb 5.5.46, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4870\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4870\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4870",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to remote code execution.",
            "A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter."
        ],
        "statement": "This issue did not affect the versions of rubygems as shipped with Red Hat Enterprise Linux 6.\nThis issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.6.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0903\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0903\nhttp://blog.rubygems.org/2017/10/09/2.6.14-released.html"
        ],
        "name": "CVE-2017-0903",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-787",
        "details": [
            "mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002."
        ],
        "upstream_fix": "mercurial 4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13347\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13347"
        ],
        "name": "CVE-2018-13347",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.",
            "A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time- and computation-expensive calls to the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions, which could lead to CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5390\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5390\nhttps://access.redhat.com/articles/3553061\nhttps://www.kb.cert.org/vuls/id/962459\nhttps://www.spinics.net/lists/netdev/msg514742.html"
        ],
        "csaw": true,
        "name": "CVE-2018-5390"
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-4 has a memory leak for a colormap in WriteMPCImage in coders/mpc.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14434\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14434"
        ],
        "name": "CVE-2018-14434",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The dissect_write_structured_field function in epan/dissectors/packet-tn5250.c in the TN5250 dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "wireshark 1.10.11, wireshark 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8714\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8714\nhttps://www.wireshark.org/security/wnpa-sec-2014-23.html"
        ],
        "name": "CVE-2014-8714",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.",
            "A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Rescorla as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1978\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1978\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
        ],
        "name": "CVE-2016-1978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0827\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0827\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-19"
        ],
        "name": "CVE-2015-0827",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "libmspack 0.7alpha",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14680\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14680"
        ],
        "name": "CVE-2018-14680",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2677"
        ],
        "name": "CVE-2018-2677",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2419\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2419\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2419",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security."
        ],
        "upstream_fix": "icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0454\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0454\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0454",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0",
            "An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "upstream_fix": "dhcp 4.4.1, dhcp 4.1-ESV-R15-P1, dhcp 4.3.6-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5732\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5732\nhttps://kb.isc.org/article/AA-01565"
        ],
        "name": "CVE-2018-5732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).",
            "It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3291\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3291"
        ],
        "name": "CVE-2017-3291",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3862\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3862\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3862",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4513\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4513\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-116.html"
        ],
        "name": "CVE-2015-4513",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-200",
        "details": [
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.",
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16866\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16866\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16866",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1973\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1973\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-33.html"
        ],
        "name": "CVE-2016-1973",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
            "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5018\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5018\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-5018",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-12T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.",
            "A flaw was found in dovecot. A remote attacker could cause a denial of service by repeatedly sending emails whose MIME parts contain malicious content that dovecot will attempt to parse. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue.",
        "upstream_fix": "dovecot 2.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12100\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12100\nhttps://dovecot.org/pipermail/dovecot-news/2020-August/000441.html"
        ],
        "name": "CVE-2020-12100",
        "mitigation": {
            "value": "Upstream suggests that this flaw can be mitigated by limiting MIME structures in MTA",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare.",
            "An out-of-bounds read was discovered in ImageMagick when writing PNG images. An attacker may abuse this flaw to trick a victim user into downloading a malicious image file and running it through ImageMagick, causing the application to crash."
        ],
        "upstream_fix": "ImageMagick 7.0.8-43, ImageMagick 6.9.10-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19949\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19949"
        ],
        "name": "CVE-2019-19949",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
            "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        ],
        "statement": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or by using deep packet inspection to reject this type of alert packet. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8610\nhttp://security.360.cn/cve/CVE-2016-8610"
        ],
        "name": "CVE-2016-8610",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.",
            "A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.2, ruby 2.2.8, ruby 2.3.5, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0902\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0902\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0902",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7180\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7180\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7180",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.",
            "A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication."
        ],
        "statement": "This issue did not affect the versions of mod_auth_mellon as shipped with Red Hat Enterprise Linux 6 as they did not include support for ECP.",
        "upstream_fix": "mod_auth_mellon 0.14.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3878\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3878\nhttps://github.com/Uninett/mod_auth_mellon/pull/196"
        ],
        "name": "CVE-2019-3878",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability.",
            "When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This has been rated as having Moderate security impact and is planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6136\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6136"
        ],
        "name": "CVE-2016-6136",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.",
            "A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the Subversion project for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
        "upstream_fix": "subversion 1.7.19, subversion 1.8.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3580\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3580\nhttp://subversion.apache.org/security/CVE-2014-3580-advisory.txt"
        ],
        "name": "CVE-2014-3580",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",
            "A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9636\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9636"
        ],
        "name": "CVE-2014-9636",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
            "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash."
        ],
        "statement": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
        "acknowledgement": "Red Hat would like to thank Hanno Böck for reporting this issue.",
        "upstream_fix": "httpd 2.4.28, httpd 2.2.35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9798\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9798\nhttps://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
        ],
        "name": "CVE-2017-9798",
        "mitigation": {
            "value": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif."
        ],
        "statement": "This issue affects the version of libtiff package as shipped with Red Hat Enterprise Linux 5, 6 and 7. A further update may address this flaw in Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9655\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9655"
        ],
        "name": "CVE-2014-9655",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8099\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8099\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7754\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7754\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754"
        ],
        "name": "CVE-2017-7754",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4835\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4835\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4835",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2414\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2414\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2414",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
        ],
        "statement": "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.",
        "upstream_fix": "tomcat 9.0.10, tomcat 8.5.32, tomcat 8.0.53, tomcat 7.0.90",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8034\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8034"
        ],
        "name": "CVE-2018-8034",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.",
            "A flaw was found in dbus. The implementation of DBUS_COOKIE_SHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations resulting in an authentication bypass. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is mitigated by the fact that by default, the well-known system dbus-daemon (since 2003) and the well-known session dbus-daemon (in stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1 at an early stage, before manipulating cookies.\nRed Hat Enterprise Linux 6 is affected by this flaw, which can be leveraged to achieve privilege escalation via upstart. This issue has been rated as having important impact for Red Hat Enterprise Linux 6.\nRed Hat Enterprise Linux 7 and 8 both ship dbus >= 1.10 and therefore are affected by this flaw only when system or session dbus-daemons are used under non-standard configurations or by third party users of DBusServer. Red Hat Enterprise Linux 7 and 8 do not ship any affected DBusServer consumer. However, third party applications may be affected.",
        "acknowledgement": "Red Hat would like to thank the D-Bus project for reporting this issue. Upstream acknowledges Joe Vennix (Apple Information Security) as the original reporter.",
        "upstream_fix": "dbus 1.10.28, dbus 1.12.16, dbus 1.13.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12749\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12749\nhttps://www.openwall.com/lists/oss-security/2019/06/11/2"
        ],
        "name": "CVE-2019-12749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
            "It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "sudo 1.8.18p1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7076\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7076\nhttps://www.sudo.ws/alerts/noexec_wordexp.html"
        ],
        "name": "CVE-2016-7076",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.",
            "It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9420\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9420"
        ],
        "name": "CVE-2014-9420",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.",
            "An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image."
        ],
        "statement": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7, up to 7.4, as they did not include support for printing IPTC Photo Metadata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9305\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9305"
        ],
        "name": "CVE-2018-9305",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.",
            "A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to a wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation."
        ],
        "acknowledgement": "Red Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10126\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10126"
        ],
        "name": "CVE-2019-10126",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky, Carsten Book, Christian Holler, Christoph Diehl, Iris Hsiao, Jan de Mooij, Olli Pettay, Raymond Forbes, and Timothy Nikkel as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9893\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9893\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9893"
        ],
        "name": "CVE-2016-9893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5449\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5449\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5449"
        ],
        "name": "CVE-2017-5449",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.",
            "The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7915\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7915"
        ],
        "name": "CVE-2016-7915",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ryan Duff as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5284\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5284\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5284",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
            "A flaw was found in the Linux kernel in the function hso_probe(), which reads the if_num value from the USB device (as a u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service."
        ],
        "upstream_fix": "kernel 4.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19985\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19985"
        ],
        "name": "CVE-2018-19985",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-863",
        "details": [
            "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.",
            "A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server."
        ],
        "statement": "This issue does not affect the version of 389-ds-base package as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "This issue was discovered by Simo Sorce (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1854\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1854"
        ],
        "name": "CVE-2015-1854",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-130->CWE-119",
        "details": [
            "Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message.",
            "A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Joonas Kuorilehto (Codenomicon) as the original reporter.",
        "upstream_fix": "gnutls 3.1.25, gnutls 3.2.15, gnutls 3.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3466\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3466"
        ],
        "name": "CVE-2014-3466",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7992\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7992"
        ],
        "name": "CVE-2016-7992",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-252",
        "details": [
            "X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.",
            "It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8091\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8091\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8091",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8596\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8596\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8596",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries."
        ],
        "upstream_fix": "icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2413\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2413\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2413",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
            "If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a WiFi dongle). This can allow firmware event frames from a remote source to be processed, which can result in a denial of service (DoS) condition."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9503\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9503\nhttps://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9503-remotely-sending-firmware-events-bypassing-is-wlc-event-frame\nhttps://kb.cert.org/vuls/id/166939/\nhttps://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/"
        ],
        "name": "CVE-2019-9503",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8625\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8625\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8625",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
            "A user enumeration vulnerability was found in OpenSSH through version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low severity. An attacker could use this flaw to determine whether given usernames exist or not on the server, but no further information is disclosed and there is no availability or integrity impact. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15473\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15473"
        ],
        "name": "CVE-2018-15473",
        "mitigation": {
            "value": "Configuring your firewall to limit the origin and/or rate of incoming ssh connections (using the netfilter xt_recent module) will limit the impact of this attack, as it requires a new TCP connection for each username tested. This configuration also provides some protection against brute-force attacks on SSH passwords or keys.\nSee the following article for more information on limiting access to SSHD: https://access.redhat.com/solutions/8687",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",
            "A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as they do not contain the affected code. This issue does not affect Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank Daniel Borkmann for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4700"
        ],
        "name": "CVE-2015-4700",
        "mitigation": {
            "value": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n#   echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in  /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.",
            "A use-after-free flaw was found in the Linux kernel's CIPSO network packet labeling protocol functionality, in the way a user opens a local network connection using the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system."
        ],
        "statement": "Rated Moderate because CIPSO is not enabled by default, there is no known way to reproduce the attack remotely, and it looks complex, if even possible, to use the attack in any way apart from crashing the system. To use inbound CIPSO connections, the administrator has to enable them with the netlabelctl utility first. The vulnerability is considered local because it can happen only when a local user opens a socket for sending packets, not while receiving packets.",
        "upstream_fix": "Kernel 5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33033\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33033"
        ],
        "name": "CVE-2021-33033",
        "mitigation": {
            "value": "The mitigation is to not allow CIPSO labeling for inbound network connections. In most default configurations, both for network routers and for Linux servers themselves, it is disabled by default.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.",
            "A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to off-by-one errors. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13306\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13306"
        ],
        "name": "CVE-2019-13306",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3425\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3425\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3425",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.",
            "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8092\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8092\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8092",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.",
            "A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share."
        ],
        "statement": "Only samba configurations where the 'wide links' option is explicitly set to 'yes' are affected by this flaw. Therefore default configurations of the samba package shipped with Red Hat Products are not affected.\nThis vulnerability exists in the samba server; client side packages are not affected.",
        "acknowledgement": "Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue.",
        "upstream_fix": "samba 4.9.13, samba 4.10.8, samba 4.11.0rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10197\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10197\nhttps://www.samba.org/samba/security/CVE-2019-10197.html"
        ],
        "name": "CVE-2019-10197",
        "mitigation": {
            "value": "The following methods can be used as a mitigation (only one is needed):\n1. Use the 'sharesec' tool to configure a security descriptor for the share that's at least as strict as the permissions on the share root  directory.\n2. Use the 'valid users' option to allow only users/groups which are able to enter the share root directory.\n3. Remove 'wide links = yes' if it's not really needed.\n4. In some situations it might be an option to use 'chmod a+x' on the share root directory, but you need to make sure that files and subdirectories are protected by stricter permissions. You may also want to 'chmod a-w' in order to prevent new top level files and directories, which may have less restrictive permissions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3945\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3945"
        ],
        "name": "CVE-2016-3945",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invvpid VM exit support, an unprivileged guest user could use these instructions to crash the guest."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the Advanced Threat Research team at Intel Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3646\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3646"
        ],
        "name": "CVE-2014-3646",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-190->CWE-122->CWE-131->CWE-190",
        "details": [
            "The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a (1) negative or (2) large property count in a BDF font file.",
            "An integer overflow flaw was found in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server."
        ],
        "upstream_fix": "libXfont 1.4.9, libXfont 1.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1802\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1802\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        ],
        "name": "CVE-2015-1802",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",
            "A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, 7, realtime and MRG-2.\nRed Hat Enterprise Linux 5 has transitioned to Production phase 3.\nDuring the Production 3 Phase, Critical impact Security Advisories (RHSAs)\nand selected Urgent Priority Bug Fix Advisories (RHBAs) may be released\nas they become available.\nThe official life cycle policy can be reviewed here:\nhttp://redhat.com/rhel/lifecycle\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15265\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15265"
        ],
        "name": "CVE-2017-15265",
        "mitigation": {
            "value": "It is possible to prevent the affected code from being loaded by blacklisting the kernel module snd_seq.  Instructions relating to how to blacklist a kernel module are shown here: https://access.redhat.com/solutions/41278 \nAlternatively a custom permission set can be created by udev, the correct permissions will depend on your use case.  Please contact Red Hat customer support for creating a rule set that can minimize flaw exposure.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function ReadPCDImage in coders/pcd.c, which allows remote attackers to cause a denial of service via a crafted file.",
            "A memory leak vulnerability has been discovered in ImageMagick in the ReadPCDImage function of coders/pcd.c file. An attacker could use this flaw to cause a denial of service via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18251\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18251"
        ],
        "name": "CVE-2017-18251",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Veditz and Philipp as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12389\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12389\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389"
        ],
        "name": "CVE-2018-12389",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11087\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11087"
        ],
        "name": "CVE-2020-11087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12600\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12600"
        ],
        "name": "CVE-2018-12600",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."
        ],
        "statement": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1312\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1312\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This issue is rated as having Moderate impact because of the attack scenario limitation: only a local user with access to a VT console, if at least CAP_SYS_TTY_CONFIG is enabled, can trigger this issue.",
        "upstream_fix": "kernel 5.10-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25656\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25656\nhttps://lkml.org/lkml/2020/10/16/84\nhttps://lkml.org/lkml/2020/10/29/528"
        ],
        "name": "CVE-2020-25656",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "The version of Samba shipped with Red Hat Gluster Storage (RHGS) 3 is built with a private copy of ldb (LDAP-like embedded database) library which includes the vulnerable code. However, Samba shipped with RHGS 3 is not supported for use as an Active Directory Domain Controller and hence the impact has been lowered.",
        "acknowledgement": "Red Hat would like to thank the Samba Project for reporting this issue. Upstream acknowledges Douglas Bagnall (Catalyst and the Samba Team) as the original reporter.",
        "upstream_fix": "samba 4.12.13, samba 4.14.1, samba 4.13.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20277\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20277\nhttps://www.samba.org/samba/security/CVE-2021-20277.html"
        ],
        "name": "CVE-2021-20277",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.",
            "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels.\nThis issue does not affect kernels that ship with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8650\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8650"
        ],
        "name": "CVE-2016-8650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-416)",
        "details": [
            "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.",
            "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory."
        ],
        "statement": "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.",
        "acknowledgement": "Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Symeon Paraschoudis as the original reporter.",
        "upstream_fix": "curl 7.39.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3707\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3707\nhttp://curl.haxx.se/docs/adv_20141105.html"
        ],
        "name": "CVE-2014-3707",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.",
            "Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3184\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3184"
        ],
        "name": "CVE-2014-3184",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.",
            "A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash."
        ],
        "upstream_fix": "libtasn1 4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3622\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3622"
        ],
        "name": "CVE-2015-3622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4258\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4258\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL"
        ],
        "name": "CVE-2014-4258",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.",
            "An out-of-bounds read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PPM file. An attacker could use this flaw to crash the application and cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11214\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11214"
        ],
        "name": "CVE-2018-11214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types."
        ],
        "upstream_fix": "mariadb 10.0.28, mariadb 10.1.18, mariadb 5.5.52, mysql 5.6.33, mysql 5.7.15, mysql 5.5.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8283\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8283\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-8283",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T04:26:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in IPA. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1722\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1722"
        ],
        "name": "CVE-2020-1722",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Bob Clary, Christian Holler, Christoph Diehl, Daniel Holbert, Jesse Ruderman, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1952\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1952\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
        ],
        "name": "CVE-2016-1952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.",
            "A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in failure to allocate memory or an over-large memcpy operation, leading to a crash."
        ],
        "upstream_fix": "icoutils 0.31.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5332\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5332"
        ],
        "name": "CVE-2017-5332",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises an SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3858\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3858\nhttps://www.libssh2.org/CVE-2019-3858.html"
        ],
        "name": "CVE-2019-3858",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5483\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5483"
        ],
        "name": "CVE-2017-5483",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.",
            "A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2671\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2671"
        ],
        "name": "CVE-2017-2671",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-833",
        "details": [
            "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.",
            "It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system."
        ],
        "statement": "This issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future updates may address this issue in the respective releases.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8171"
        ],
        "name": "CVE-2014-8171",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nathan Froyd and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11740\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11740"
        ],
        "name": "CVE-2019-11740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ehsan Akhgari as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7197\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7197\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-132.html"
        ],
        "name": "CVE-2015-7197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14562\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14562"
        ],
        "name": "CVE-2020-14562",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric of Google Project Zero as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5404\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5404\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404"
        ],
        "name": "CVE-2017-5404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",
            "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0736\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0736\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25\nhttps://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
        ],
        "name": "CVE-2016-0736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385->CWE-203",
        "details": [
            "A flaw was found in the fix for CVE-2019-11135, in upstream Linux kernel versions before 5.5, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.",
            "A flaw was found in the fix for CVE-2019-11135, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that the host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability."
        ],
        "statement": "For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/tsx-asynchronousabort",
        "upstream_fix": "Kernel 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19338\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19338\nhttps://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort\nhttps://www.openwall.com/lists/oss-security/2019/12/10/3"
        ],
        "name": "CVE-2019-19338",
        "mitigation": {
            "value": "Please refer to the Red Hat Knowledgebase Transactional Synchronization Extensions (TSX) Asynchronous Abort article (https://access.redhat.com/solutions/tsx-asynchronousabort) for mitigation instructions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4732\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4732\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16421\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16421\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16421",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf."
        ],
        "upstream_fix": "gstreamer1-plugins-bad-free 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5843\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5843"
        ],
        "name": "CVE-2017-5843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Kelly as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5131\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5131\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5131"
        ],
        "name": "CVE-2018-5131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2572\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2572\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2572",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19870\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19870"
        ],
        "name": "CVE-2018-19870",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ehsan Akhgari as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4520\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4520\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-111/"
        ],
        "name": "CVE-2015-4520",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20096\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20096"
        ],
        "name": "CVE-2018-20096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated."
        ],
        "statement": "This issue affects the versions of mysql and mysql55 packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue affects the version of mariadb and mariadb55 packages as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact; a future update may address this flaw.",
        "upstream_fix": "mariadb 10.0.18, mariadb 5.5.43, mysql 5.5.43, mysql 5.6.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0499\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0499\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0499",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.",
            "A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19063\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19063"
        ],
        "name": "CVE-2019-19063",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Characters from the \"Canadian Syllabics\" Unicode block can be mixed with characters from other Unicode blocks in the address bar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts\". This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Erb as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7764\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764"
        ],
        "name": "CVE-2017-7764",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7396\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7396"
        ],
        "name": "CVE-2017-7396",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-95",
        "details": [
            "The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5158\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5158\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158"
        ],
        "name": "CVE-2018-5158",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8242\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8242"
        ],
        "name": "CVE-2015-8242",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2796\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Marco Davids (SIDN Labs) and Tony Finch (University of Cambridge) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8864\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8864\nhttps://kb.isc.org/article/AA-01434"
        ],
        "name": "CVE-2016-8864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.",
            "A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code creating this issue is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8646\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8646"
        ],
        "name": "CVE-2016-8646",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-416",
        "details": [
            "An issue was discovered in Exempi before 2.4.3. It allows remote attackers to cause a denial of service (invalid memcpy with resultant use-after-free) or possibly have unspecified other impact via a .pdf file containing JPEG data, related to XMPFiles/source/FormatSupport/ReconcileTIFF.cpp, XMPFiles/source/FormatSupport/TIFF_MemoryReader.cpp, and XMPFiles/source/FormatSupport/TIFF_Support.hpp."
        ],
        "statement": "This issue affects the versions of exempi as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "exempi 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18234\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18234"
        ],
        "name": "CVE-2017-18234",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3868\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3868\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument to the xmlrpc_set_type function or (2) a crafted argument to the xmlrpc_decode function, related to an out-of-bounds read operation.",
            "An out of bounds read flaw was found in the way the xmlrpc extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC request or response could possibly cause a PHP application to crash."
        ],
        "statement": "This issue did not affect the php packages as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "php 5.6.2, php 5.5.18, php 5.4.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3668\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3668"
        ],
        "name": "CVE-2014-3668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.",
            "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests."
        ],
        "upstream_fix": "tomcat 7.0.67, tomcat 8.0.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5346\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5346\nhttp://seclists.org/bugtraq/2016/Feb/143"
        ],
        "name": "CVE-2015-5346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4447\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4447"
        ],
        "name": "CVE-2016-4447",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-122",
        "details": [
            "Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.",
            "Multiple off-by-one flaws, leading to heap-based buffer overflows, were found in the way JasPer decoded JPEG 2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9029\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9029\nhttp://www.ocert.org/advisories/ocert-2014-009.html"
        ],
        "name": "CVE-2014-9029",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-200",
        "details": [
            "The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a \"too-short\" salt.",
            "A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory."
        ],
        "upstream_fix": "postgresql 9.2.14, postgresql 9.0.23, postgresql 9.1.19, postgresql 9.4.5, postgresql 9.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5288\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5288",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2017-3600.  Reason: This candidate is a reservation duplicate of CVE-2017-3600.  Notes: All CVE users should reference CVE-2017-3600 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
            "It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool."
        ],
        "upstream_fix": "mariadb 5.5.53, mariadb 10.0.28, mariadb 10.1.19, mysql 5.6.36, mysql 5.5.55, mysql 5.7.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5483\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5483\nhttps://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/\nhttps://blog.tarq.io/cve-2016-5483-galera-remote-command-execution-via-crafted-database-name/"
        ],
        "name": "CVE-2016-5483",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.",
            "A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (system-wide out-of-memory condition).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19058\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19058"
        ],
        "name": "CVE-2019-19058",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlmvm. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7201\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7201\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
        ],
        "name": "CVE-2015-7201",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
            "An improper access control flaw was found in the Intel(R) Ethernet Controller RDMA driver in the Linux Kernel. This flaw allows an unauthenticated user to enable privilege escalation via network access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25775\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25775\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
        ],
        "name": "CVE-2023-25775",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types."
        ],
        "upstream_fix": "mariadb 5.5.50, mariadb 10.1.15, mariadb 10.0.26, mysql 5.5.50, mysql 5.7.13, mysql 5.6.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3521\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3521\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-3521",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. *Note: Spectre mitigations are currently enabled for all users by default settings.*. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith & Niklas Baumstark (the phoenhex team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9793\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793"
        ],
        "name": "CVE-2019-9793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1521\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1521\nhttp://www.talosintel.com/reports/TALOS-2016-0058/"
        ],
        "name": "CVE-2016-1521",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15864\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15864"
        ],
        "name": "CVE-2018-15864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.",
            "A buffer overflow flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened."
        ],
        "upstream_fix": "php 5.5.24, php 5.4.40, php 5.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3329\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3329"
        ],
        "name": "CVE-2015-3329",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue.",
            "A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1568\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1568\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
        ],
        "name": "CVE-2014-1568",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0815\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0815\nhttp://www.mozilla.org/security/announce/2014/mfsa2015-30.html"
        ],
        "name": "CVE-2015-0815",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption."
        ],
        "upstream_fix": "mariadb 10.1.14, mariadb 5.5.49, mariadb 10.0.25, mysql 5.7.11, mysql 5.5.49, mysql 5.6.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3452\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3452\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-3452",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0446\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0446\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0446",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5430\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5430\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5430"
        ],
        "name": "CVE-2017-5430",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1533\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1533\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-48.html"
        ],
        "name": "CVE-2014-1533",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0429\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0429\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0429",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
            "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser."
        ],
        "statement": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10221"
        ],
        "name": "CVE-2019-10221",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",
            "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 6.0.45, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0706\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0706\nhttp://seclists.org/bugtraq/2016/Feb/144"
        ],
        "name": "CVE-2016-0706",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5098\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5098\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098"
        ],
        "name": "CVE-2018-5098",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11752\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11752"
        ],
        "name": "CVE-2019-11752",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-9750, CVE-2014-9751.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage",
            "A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nA mitigation for Red Hat Enterprise Linux 6 and 7 is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1184573#c16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9297\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9297\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever"
        ],
        "name": "CVE-2014-9297",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
            "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10295\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10295"
        ],
        "name": "CVE-2017-10295",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7198\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7198\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7198",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9066\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9066\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-9066",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-787",
        "details": [
            "In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel",
            "A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0465\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0465"
        ],
        "name": "CVE-2020-0465",
        "mitigation": {
            "value": "As the multitouch module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install hid-multitouch /bin/true\" >> /etc/modprobe.d/disable-hid-multitouch.conf\nThe system may need to be restarted if the hid-multitouch module is loaded. In most circumstances, a kernel modules will be unable to be unloaded while in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 4.5.1."
        ],
        "upstream_fix": "mercurial 4.5.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000132\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000132"
        ],
        "name": "CVE-2018-1000132",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.",
            "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported."
        ],
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.2a, openssl 1.0.0r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0209\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0209\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0209",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.",
            "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Andrey Labunets (Facebook) as the original reporter.",
        "upstream_fix": "libcurl 7.40.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8150\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8150\nhttp://curl.haxx.se/docs/adv_20150108B.html"
        ],
        "name": "CVE-2014-8150",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
        ],
        "statement": "This issue affects the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13232\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13232"
        ],
        "name": "CVE-2019-13232",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.",
            "A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 and 6 as they did use different memory allocation algorithm in swscanf() function.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1472\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1472"
        ],
        "name": "CVE-2015-1472",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki ISHIKAWA as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6792\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792"
        ],
        "name": "CVE-2020-6792",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8783\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8783"
        ],
        "name": "CVE-2015-8783",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.",
            "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system  The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability."
        ],
        "upstream_fix": "kernel 5.13 rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33034\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33034\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl\nhttps://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
        ],
        "name": "CVE-2021-33034",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
            "A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9568\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9568"
        ],
        "name": "CVE-2018-9568",
        "mitigation": {
            "value": "The currently known attack vector uses IPv6 for exploitation. If IPv6 is not needed on the host, disabling it mitigates this attack vector. Please see https://access.redhat.com/solutions/8709 for instructions on how to disable IPv6 in Red Hat Enterprise Linux.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7939\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7939"
        ],
        "name": "CVE-2016-7939",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8665\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8665"
        ],
        "name": "CVE-2015-8665",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
            "A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker can execute arbitrary code on the system."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30762\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30762\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30762",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).",
            "A use-after-free vulnerability was found in the Linux kernel’s implementation of blktrace in the __blk_add_trace function. A local attacker with permissions to run block trace instructions against a device can create a situation where the core block_trace object is used after it is freed. The attacker can pre-groom memory to race this use-after-free to create a condition where the memory is corrupted and cause privilege escalation.\nThe ability to create this condition requires elevated privileges, and it has been decided that this change in Red Hat Enterprise Linux 5 and 6 would risk introducing possible regressions and will not be backported."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19768\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19768"
        ],
        "name": "CVE-2019-19768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.",
            "It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the perf subsystem where the flaw was found is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6001\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6001"
        ],
        "name": "CVE-2017-6001",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
        ],
        "upstream_fix": "poppler 0.79",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9959\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9959"
        ],
        "name": "CVE-2019-9959",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.",
            "An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client."
        ],
        "statement": "This issue does not affect the version OpenSSH as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the version of OpenSSH as shipped with Red Hat Enterprise Linux 7 in a non-default configuration. For more information please refer to https://access.redhat.com/articles/2123781",
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0777\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0777\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://access.redhat.com/articles/2123781\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0777",
        "mitigation": {
            "value": "1. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\").\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for '\\n' or '\\r' on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak.\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a '\\n' or '\\r' from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.",
            "An out of bounds read flaw related to \"graphite2::Silf::getClassGlyph\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7776\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7776\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7776",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. This is related to WPXTable.h."
        ],
        "statement": "This issue affects the versions of libwpd as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19208\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19208"
        ],
        "name": "CVE-2018-19208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.",
            "A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, and kernel-alt packages.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and real-time kernels.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13215\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13215"
        ],
        "name": "CVE-2017-13215",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi."
        ],
        "upstream_fix": "gstreamer1-plugins-base 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5842\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5842"
        ],
        "name": "CVE-2017-5842",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19149\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19149"
        ],
        "name": "CVE-2018-19149",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31."
        ],
        "upstream_fix": "ImageMagick 7.0.8-13, ImageMagick 6.9.10-13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18544\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18544"
        ],
        "name": "CVE-2018-18544",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.33, mariadb 5.5.60, mariadb 10.0.35, mariadb 10.2.15, mysql 5.5.60, mysql 5.7.22, mysql 5.6.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2771\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2771\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2771",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via a crafted TIFF file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12900\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12900"
        ],
        "name": "CVE-2018-12900",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.",
            "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic."
        ],
        "acknowledgement": "Red Hat would like to thank Wen Xu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1092\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1092"
        ],
        "name": "CVE-2018-1092",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8101\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8101\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8101",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-835",
        "details": [
            "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
            "A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation."
        ],
        "statement": "A service is vulnerable if it uses python's tarfile module to open untrusted tar files. If an attacker is able to submit a crafted tar file to a service which uses the tarfile module to open it, an infinite loop will be executed, potentially causing a denial of service. The tarfile module is included with python.\nVersions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20907\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20907"
        ],
        "name": "CVE-2019-20907",
        "mitigation": {
            "value": "This flaw can be mitigated by not opening untrusted files with tarfile.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.",
            "A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges partha@exablox.com as the original reporter.",
        "upstream_fix": "samba 4.3.3, samba 4.2.7, samba 4.1.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5299\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5299\nhttps://www.samba.org/samba/security/CVE-2015-5299.html"
        ],
        "name": "CVE-2015-5299",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3149"
        ],
        "name": "CVE-2015-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8097\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8097\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.",
            "A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation.  This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7,MRG-2 and realtime kernels. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Heming Cui (University of Hong Kong), and Shixiong Zhao (University of Hong Kong) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12193\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12193"
        ],
        "name": "CVE-2017-12193",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.",
            "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10926\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10926"
        ],
        "name": "CVE-2018-10926",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile.",
            "It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5884\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5884"
        ],
        "name": "CVE-2017-5884",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-335|CWE-338)",
        "details": [
            "util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.",
            "It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keygen; the default installation does not contain such keys."
        ],
        "upstream_fix": "ntp 4.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9294\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9294\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#non_cryptographic_random_number\nhttps://access.redhat.com/articles/1305723"
        ],
        "name": "CVE-2014-9294",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2795"
        ],
        "name": "CVE-2018-2795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap.",
            "Heap-based buffer overflow vulnerability in extract_status_code() function in lib/html.c that parses HTTP status code returned from web server allows malicious web server or man-in-the-middle attacker pretending to be a web server to cause either a denial of service or potentially execute arbitrary code on keepalived load balancer."
        ],
        "statement": "This issue affects the versions of keepalived as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "keepalived 2.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19115\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19115"
        ],
        "name": "CVE-2018-19115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.",
            "It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Canonical for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1333\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1333"
        ],
        "name": "CVE-2015-1333",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted tar archive.",
            "An invalid free flaw was found in the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened."
        ],
        "statement": "This issue affected all versions of PHP shipped in various Red Hat products, except version PHP 5.1.x that is shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "php 5.5.24, php 5.4.40, php 5.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3307\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3307"
        ],
        "name": "CVE-2015-3307",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H)."
        ],
        "upstream_fix": "mariadb-connector-c 3.0.5, mariadb-connector-c 2.3.7, mariadb 10.0.35, mariadb 5.5.61, mariadb 10.1.33, mariadb 10.2.15, mysql 5.7.23, mysql 5.5.61, mysql 8.0.12, mysql 5.6.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3081\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3081\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        ],
        "name": "CVE-2018-3081",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the \"simple_vec\" function in the \"extract.c\" source file. This affects icotool.",
            "A vulnerability was found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution."
        ],
        "upstream_fix": "icoutils 0.31.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6011\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6011"
        ],
        "name": "CVE-2017-6011",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.",
            "An issue was discovered in the Linux kernel's Userspace Connection Manager Access for RDMA. This could allow a local attacker to crash the system, corrupt memory or escalate privileges."
        ],
        "upstream_fix": "kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36385\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36385"
        ],
        "name": "CVE-2020-36385",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.",
            "A flaw was found in the way the mwifiex_cmd_append_vsie_tlv() function in the Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12653\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12653"
        ],
        "name": "CVE-2020-12653",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10349\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10349"
        ],
        "name": "CVE-2017-10349",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8608\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8608\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8608",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.",
            "It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates of Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5160\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5160"
        ],
        "name": "CVE-2015-5160",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.",
            "A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs because SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "net-snmp 5.8.1pre1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15862\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15862"
        ],
        "name": "CVE-2020-15862",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9660\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9660"
        ],
        "name": "CVE-2014-9660",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2757\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2757"
        ],
        "name": "CVE-2020-2757",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6555\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6555"
        ],
        "name": "CVE-2014-6555",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3139"
        ],
        "name": "CVE-2018-3139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "wireshark 1.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6248\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6248\nhttps://www.wireshark.org/security/wnpa-sec-2015-28"
        ],
        "name": "CVE-2015-6248",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8683\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8683"
        ],
        "name": "CVE-2015-8683",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A heap-buffer overflow was found in the way samba clients processed an extra-long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",
            "A heap-buffer overflow was found in the way samba clients processed an extra-long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client."
        ],
        "upstream_fix": "samba 4.8.4, samba 4.6.16, samba 4.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10858\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10858\nhttps://www.samba.org/samba/security/CVE-2018-10858.html"
        ],
        "name": "CVE-2018-10858",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",
            "A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, Red Hat JBoss Web Server, and Red Hat JBoss Enterprise Application Platform. These products include httpd 2.2, and only httpd versions 2.4.6 through 2.4.9 include the vulnerable code.",
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0117\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0117\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Byron Campen, Christian Holler, and Jason Kratzer as the original reporters.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6814\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6814\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814"
        ],
        "name": "CVE-2020-6814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.",
            "A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time and can be inferred by an attacker."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18282\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18282"
        ],
        "name": "CVE-2019-18282",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors.",
            "A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library."
        ],
        "upstream_fix": "libtasn1 4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2806\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2806"
        ],
        "name": "CVE-2015-2806",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-11-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.",
            "It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or the grub2 configuration file if the attacker has root privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5281\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5281"
        ],
        "name": "CVE-2015-5281",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.",
            "A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0705"
        ],
        "name": "CVE-2016-0705",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image."
        ],
        "upstream_fix": "jasper 1.900.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8885\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8885"
        ],
        "name": "CVE-2016-8885",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.",
            "It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8776\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8776"
        ],
        "name": "CVE-2015-8776",
        "mitigation": {
            "value": "Check time values before they are passed to strftime, or call strftime only with struct tm values computed by gmtime or localtime.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Authconfig version 6.2.8 is vulnerable to an information exposure while using SSSD to authenticate against a remote server, resulting in the leak of information about existing usernames.",
            "A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack."
        ],
        "acknowledgement": "This issue was discovered by Thorsten Scherf (Red Hat) and Tomas Mraz (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7488\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7488"
        ],
        "name": "CVE-2017-7488",
        "mitigation": {
            "value": "Possible workaround (with side-effects):\nauthconfig --enablesysnetauth --update",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.48, mariadb 10.1.12, mariadb 10.0.24, mysql 5.5.48, mysql 5.6.29, mysql 5.7.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0646\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0646\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0646",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix this issue have been shipped now.",
        "acknowledgement": "Red Hat would like to thank Nathan Williams for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8660\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8660"
        ],
        "name": "CVE-2015-8660",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string."
        ],
        "upstream_fix": "gstreamer1 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5838\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5838"
        ],
        "name": "CVE-2017-5838",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8821\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.",
            "A flaw was found in the Linux kernel's implementation of IPMI (remote baseband access). An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation."
        ],
        "statement": "This flaw has been rated as \"Moderate\" as the attacker needs to be able to abuse this flaw in a very narrow race condition of the kernel module being unloaded. The scoring of this flaw differs from other sources because the attacker must have a local account to be able to read the file (/proc/ioports) while the module is unloaded. None of the above actions are 'network facing' attack vectors.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11811"
        ],
        "name": "CVE-2019-11811",
        "mitigation": {
            "value": "A mitigation to this flaw would be to no longer use IPMI on affected hardware until the kernel has been updated. Existing systems that have IPMI kernel modules loaded will need to unload the \"ipmi_si\" kernel module and blacklist it (see https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules). Consider carefully that unloading and blacklisting the module creates a one-time attack vector window for a local attacker.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
        ],
        "upstream_fix": "mariadb 10.1.21, mariadb 10.0.29, mariadb 5.5.54, mysql 5.6.35, mysql 5.5.54, mysql 5.7.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3238\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3238\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3238",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer.",
            "A denial of service flaw was found in the way NTP hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1799\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1799"
        ],
        "name": "CVE-2015-1799",
        "mitigation": {
            "value": "To work around this issue, instead of configuring NTP hosts as peers with the 'peer' directive, use the 'server' directive on both hosts so that the connection uses a regular client/server mode of operation.\nMore information about how to configure NTP can be found at:\nhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/ch-Configuring_NTP_Using_ntpd.html\nAutokey authentication between NTP peers is not sufficient to fully mitigate this issue.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \\x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",
            "It was found that PHP move_uploaded_file() function did not properly handle file names with a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "statement": "This issue does not affect the current php and php53 packages in Red Hat Enterprise Linux 5 and 6, as it was previously corrected as part of the fix for CVE-2006-7243.",
        "upstream_fix": "PHP 5.5.23, PHP 5.4.39, PHP 5.6.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2348\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2348"
        ],
        "name": "CVE-2015-2348",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10111"
        ],
        "name": "CVE-2017-10111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8391\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8391"
        ],
        "name": "CVE-2015-8391",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-642",
        "details": [
            "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",
            "It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the cupsctl binary to set SetEnv and PassEnv directives and potentially control the flow of the affected backend, resulting in some cases in arbitrary code execution with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4180"
        ],
        "name": "CVE-2018-4180",
        "mitigation": {
            "value": "Do not add untrusted users to sys and root groups.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size. This occurs because ReadCINImage in coders/cin.c lacks a check for insufficient image data in a file."
        ],
        "upstream_fix": "ImageMagick 7.0.8-28, ImageMagick 6.9.10-28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11470\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11470"
        ],
        "name": "CVE-2019-11470",
        "mitigation": {
            "value": "You can configure a security policy that limits the disk resource usage when running ImageMagick.\nEdit /etc/ImageMagick/policy.xml with:\n```\n<policymap>\n...\n<policy domain=\"resource\" name=\"disk\" value=\"1GiB\"/>\n...\n</policymap>\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2678\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2678"
        ],
        "name": "CVE-2018-2678",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4844\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4844\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",
            "It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6465\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6465\nhttps://kb.isc.org/docs/cve-2019-6465"
        ],
        "name": "CVE-2019-6465",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c.",
            "A heap-based buffer overflow flaw was discovered in ImageMagick when writing SGI images with improper columns and rows properties. An attacker may trick a victim user into downloading a malicious image file and running it through ImageMagick, possibly executing code on the victim user's system."
        ],
        "upstream_fix": "ImageMagick 7.0.8-43, ImageMagick 6.9.10-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19948\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19948"
        ],
        "name": "CVE-2019-19948",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-26T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.",
            "A stack-based buffer overflow when processing chunked, encoded HTTP responses was found in wget. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit this flaw to potentially execute arbitrary code."
        ],
        "statement": "This issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank the GNU Wget project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13089\nhttps://www.viestintavirasto.fi/en/cybersecurity/vulnerabilities/2017/haavoittuvuus-2017-037.html"
        ],
        "name": "CVE-2017-13089",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8811\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8811",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",
            "It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8325\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8325"
        ],
        "name": "CVE-2015-8325",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a \"BACKRONYM\" attack.",
            "It was found that the MySQL client library permitted but did not require a client to use SSL/TLS when establishing a secure connection to a MySQL server using the \"--ssl\" option. A man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
        ],
        "upstream_fix": "mariadb 10.0.20, mariadb 5.5.44, mysql 5.7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3152\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3152\nhttp://www.ocert.org/advisories/ocert-2015-003.html"
        ],
        "name": "CVE-2015-3152",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5096\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5096\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096"
        ],
        "name": "CVE-2018-5096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.",
            "A use-after-free flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass crafted input to PHP's unserialize() function, they could cause the PHP interpreter to crash or, possibly, execute arbitrary code."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5 and 6 or the versions of php53 as shipped with Red Hat Enterprise Linux 5 as the original flaw (CVE-2014-8142) did not affect these versions.",
        "upstream_fix": "php 5.6.5, php 5.5.21, php 5.4.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0231\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0231"
        ],
        "name": "CVE-2015-0231",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-476",
        "details": [
            "The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",
            "A NULL pointer dereference flaw was found in GStreamer's MPEG-TS parser. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9813\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9813"
        ],
        "name": "CVE-2016-9813",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb-connector-c 3.0.5, mariadb 10.0.35, mariadb 5.5.61, mariadb 10.1.33, mariadb 10.2.15, mysql 5.6.49, mysql 8.0.21, mysql 5.7.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14550\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14550\nhttps://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL"
        ],
        "name": "CVE-2020-14550",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.",
            "A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "upstream_fix": "dhcp 4.3.6-P1, dhcp 4.4.1, dhcp 4.1-ESV-R15-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5733\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5733\nhttps://kb.isc.org/article/AA-01567"
        ],
        "name": "CVE-2018-5733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12127\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12127"
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-12T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas.",
            "It was found that the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of restricted areas."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Netanel (Cloudinary) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10216\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10216"
        ],
        "name": "CVE-2019-10216",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.",
            "A stack-based buffer overflow was found in the way the NTP autokey protocol was implemented. When an NTP client decrypted a secret received from an NTP server, it could cause that client to crash."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nA mitigation for Red Hat Enterprise Linux 6 and 7 is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1184573#c16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9750\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9750\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever"
        ],
        "name": "CVE-2014-9750",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2601"
        ],
        "name": "CVE-2020-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
        ],
        "statement": "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0495\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0495\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
        ],
        "name": "CVE-2018-0495",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14812"
        ],
        "name": "CVE-2019-14812",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the versions of file, php, and php53 as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3487\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3487"
        ],
        "name": "CVE-2014-3487",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2637\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2637"
        ],
        "name": "CVE-2018-2637",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.",
            "It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine."
        ],
        "acknowledgement": "Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5011\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5011"
        ],
        "name": "CVE-2016-5011",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5441\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5441\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5441"
        ],
        "name": "CVE-2017-5441",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.",
            "It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14661\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14661"
        ],
        "name": "CVE-2018-14661",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8597\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8597\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8597",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Qihoo 360 ATA as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 72.0.1, firefox 68.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17026\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17026\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026"
        ],
        "name": "CVE-2019-17026",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.24. A type confusion in \"ztype\" could be used by remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact.",
            "It was discovered that the ghostscript .type operator did not properly validate its operands. A specially crafted PostScript document could exploit this to crash ghostscript or, possibly, execute arbitrary code in the context of the ghostscript process."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16511\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16511"
        ],
        "name": "CVE-2018-16511",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "An incorrect umask flaw during file or directory modification was found in the Linux kernel NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using NFSv4.2. A user with access to the NFS could use this flaw to starve resources, causing a denial of service.",
            "An incorrect umask flaw during file or directory modification was found in the Linux kernel NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using NFSv4.2. A user with access to the NFS could use this flaw to starve resources, causing a denial of service."
        ],
        "statement": "This flaw is rated as having Low impact because of the exploitation prerequisites and the fact that the attacker could only decrease the permissions of the file or directory.",
        "acknowledgement": "Red Hat would like to thank J. Bruce Fields (fieldses.org) for reporting this issue.",
        "upstream_fix": "kernel 4.17-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-35513\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35513\nhttps://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/"
        ],
        "name": "CVE-2020-35513",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.",
            "The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "upstream_fix": "kernel 4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10675\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10675"
        ],
        "name": "CVE-2018-10675",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2633\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2633"
        ],
        "name": "CVE-2018-2633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-284",
        "details": [
            "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.",
            "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit."
        ],
        "statement": "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/",
        "acknowledgement": "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Tim Ruehsen as the original reporter.",
        "upstream_fix": "curl 7.38.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3613\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3613\nhttp://curl.haxx.se/docs/adv_20140910A.html"
        ],
        "name": "CVE-2014-3613",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Canonical) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15706\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15706"
        ],
        "name": "CVE-2020-15706",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.",
            "A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue."
        ],
        "statement": "This issue does not affect the kernel package as shipped with the Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the kernel package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\nIt is rated to have Low impact because it is quite difficult/unlikely to be triggered by a guest (or even host) user. In case it does happen, like in the upstream report, the stack overflow shall hit the stack canaries, resulting in DoS by crashing the kernel.",
        "upstream_fix": "kernel 5.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10942\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10942"
        ],
        "name": "CVE-2020-10942",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.",
            "An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4553\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4553\nhttp://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
        ],
        "name": "CVE-2016-4553",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-121",
        "details": [
            "Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation.",
            "A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the aforementioned path. If the user affected is privileged, this leads to privilege escalation."
        ],
        "acknowledgement": "This issue was discovered by Richard Maciel Costa (Red Hat).",
        "upstream_fix": "zsh 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1083\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1083"
        ],
        "name": "CVE-2018-1083",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808."
        ],
        "upstream_fix": "libvpx 1.6.1, libvpx 1.8.0, libvpx 1.7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0393\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0393"
        ],
        "name": "CVE-2017-0393",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\\0' as its first or second character (such as the \"/\\0\" name)."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "cabextract 1.8, libmspack 0.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18585\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18585"
        ],
        "name": "CVE-2018-18585",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.",
            "It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5008\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5008"
        ],
        "name": "CVE-2016-5008",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-643->CWE-476",
        "details": [
            "The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.",
            "A denial of service flaw was found in netcf. A specially crafted interface name could cause an application using netcf (such as the libvirt daemon) to crash."
        ],
        "acknowledgement": "This issue was discovered by Hao Liu (Red Hat).",
        "upstream_fix": "netcf 0.2.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8119\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8119"
        ],
        "name": "CVE-2014-8119",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",
            "A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication."
        ],
        "upstream_fix": "openssl 1.0.2e, openssl 1.0.1q",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3194\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3194",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.",
            "An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9584\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9584"
        ],
        "name": "CVE-2014-9584",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue.",
            "A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "php 5.4.40, php 5.6.8, php 5.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4602\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4602"
        ],
        "name": "CVE-2015-4602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9075\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9075"
        ],
        "name": "CVE-2017-9075",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-20T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.",
            "A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add itself to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
        ],
        "statement": "Red Hat Enterprise Linux 6, 7 are not affected by this flaw as it only affects glusterfs-server package. Red Hat Virtualization Hypervisor is not impacted by this flaw, as it uses gluster in a controlled manner via vdsm.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10841\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10841"
        ],
        "name": "CVE-2018-10841",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-839",
        "details": [
            "The srec_scan function in bfd/srec.c in libbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.",
            "An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8484\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8484"
        ],
        "name": "CVE-2014-8484",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.",
            "A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution."
        ],
        "acknowledgement": "This issue was discovered by Han Han (Red Hat).",
        "upstream_fix": "augeas 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7555\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7555"
        ],
        "name": "CVE-2017-7555",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.",
            "An out of bounds read was found in function zzip_disk_fread of ZZIPlib, up to 0.13.68, when ZZIPlib mem_disk functionality is used. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
        ],
        "upstream_fix": "zziplib 0.13.69",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7725\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7725"
        ],
        "name": "CVE-2018-7725",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges."
        ],
        "upstream_fix": "mariadb 5.5.49, mariadb 10.0.25, mariadb 10.1.14, mysql 5.7.12, mysql 5.5.49, mysql 5.6.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0666\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0666\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS."
        ],
        "upstream_fix": "mariadb 5.5.52, mariadb 10.1.18, mariadb 10.0.28, mysql 5.6.33, mysql 5.5.52, mysql 5.7.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5626\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5626\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-5626",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.",
            "It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and MRG-2. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This flaw may affect multiple containers running on this system. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5986\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5986"
        ],
        "name": "CVE-2017-5986",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "keycloak-httpd-client-install versions before 0.8 insecurely create a temporary file, allowing local attackers to overwrite other files via a symbolic link.",
            "It was discovered that keycloak-httpd-client-install uses a predictable log file name in /tmp. A local attacker could create a symbolic link to a sensitive location, possibly causing data corruption or denial of service."
        ],
        "statement": "Red Hat Product Security has rated this issue as having security impact of Low. This issue may be fixed in a future version of Red Hat Enterprise Linux.\nOpenStack users please note, this issue is present in:\n* Red Hat OpenStack Platform 9.0 (Mitaka)\n* Red Hat OpenStack Platform 10.0 (Newton) \n* Red Hat OpenStack Platform 11.0 (Ocata)\nIf a fixed version of keycloak-httpd-client-install is made available in Red Hat Enterprise Linux, OpenStack customers should consume this package directly from the Red Hat Enterprise Linux channel (this occurs during normal updates).",
        "upstream_fix": "keycloak 0.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15111"
        ],
        "name": "CVE-2017-15111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them."
        ],
        "upstream_fix": "tomcat 8.0.50, tomcat 8.5.28, tomcat 7.0.85",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1305\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1305\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28"
        ],
        "name": "CVE-2018-1305",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10345\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10345"
        ],
        "name": "CVE-2017-10345",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "libmspack 0.7alpha",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14681\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14681"
        ],
        "name": "CVE-2018-14681",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1930\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1930\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-01.html"
        ],
        "name": "CVE-2016-1930",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.",
            "A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution."
        ],
        "statement": "The ipmitool packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The stack canary generated by this feature helps mitigate any remote code execution attacks for this flaw.",
        "upstream_fix": "ipmitool 1.8.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5208\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5208\nhttps://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp"
        ],
        "name": "CVE-2020-5208",
        "mitigation": {
            "value": "There's no mitigation available for this issue, although a few actions help to reduce the attack risk:\n1) Avoid running `ipmitool` as a privileged user;\n2) Avoid running `ipmitool` against non-trusted IPMI-enabled devices;",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences.",
            "A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.3.5, ruby 2.2.8, ruby 2.4.2, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0899\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0899\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0899",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6 and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.10-16, ImageMagick 7.0.8-16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20467\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20467"
        ],
        "name": "CVE-2018-20467",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-12-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.",
            "A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6.\nThis issue does affect Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases will address this issue.\nIn a default or common use of Red Hat Enterprise Linux 7 this issue does not allow an unprivileged local user to elevate their privileges on the system.\nIn order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8655\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8655"
        ],
        "name": "CVE-2016-8655",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:M/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED."
        ],
        "statement": "This issue affects the version of mysql55-mysql as shipped with Red Hat Enterprise Linux 5 and the version of mariadb as shipped with Red Hat Enterprise Linux 7. This issue affects the version of mysql55-mysql and mariadb55-mariadb as shipped with Red Hat Software Collections 1.\nThe Red Hat Security Response Team has rated this issue as having Low security impact; a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4243\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4243\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixMSQL"
        ],
        "name": "CVE-2014-4243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficient snapshot length, which allows remote attackers to cause a denial of service (memory consumption) via a crafted packet.",
            "A flaw was found in the way the packet reassembly code of Wireshark would parse a packet, which could leak memory. An attacker could use this flaw to crash Wireshark by sending a specially crafted packet onto the wire or by convincing a Wireshark user to read a malformed packet trace file."
        ],
        "upstream_fix": "wireshark 1.12.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3813\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3813\nhttps://www.wireshark.org/security/wnpa-sec-2015-16.html"
        ],
        "name": "CVE-2015-3813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.",
            "It was discovered that the type of the LockDistillerParams parameter is not properly verified. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15910\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "name": "CVE-2018-15910",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.",
            "It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "php 5.4.32, php 5.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3587\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3587"
        ],
        "name": "CVE-2014-3587",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.",
            "A vulnerability was found in libarchive. A specially crafted LHA/LZH file could cause a small out-of-bounds read, potentially disclosing a few bytes of application memory."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8919\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8919"
        ],
        "name": "CVE-2015-8919",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1839\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1839"
        ],
        "name": "CVE-2016-1839",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
            "A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process."
        ],
        "statement": "Red Hat OpenStack Platform:\n* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.\n* Because the flaw's impact is Low, it will not be fixed in Red Hat OpenStack Platform 9 which is retiring within a few weeks of the flaw's public date.",
        "acknowledgement": "Red Hat would like to thank Vishnu Dev for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14378\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14378"
        ],
        "name": "CVE-2019-14378",
        "mitigation": {
            "value": "There is no external mitigation to prevent this out-of-bounds heap memory access.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.",
            "A flaw was found in ImageMagick, containing memory leaks of AcquireMagickMemory due to a wand/mogrify.c error. It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the function MogrifyImageList(). An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash."
        ],
        "upstream_fix": "ImageMagick 7.0.8-52, ImageMagick 6.9.10-52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13311\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13311"
        ],
        "name": "CVE-2019-13311",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser.",
            "It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted PostScript document could cause a crash or code execution in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7979\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7979"
        ],
        "name": "CVE-2016-7979",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2983\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2983"
        ],
        "name": "CVE-2019-2983",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-5, ImageMagick 7.0.8-5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14435\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14435"
        ],
        "name": "CVE-2018-14435",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7986\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7986"
        ],
        "name": "CVE-2016-7986",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue."
        ],
        "statement": "Please see the Vulnerability Response article for the full list of updates available and a detailed discussion of this issue.\nMeltdown patches for 32-bit Red Hat Enterprise Linux 5\n------------------------------------------------------\nRed Hat has no current plans to provide mitigations for the Meltdown vulnerability in 32-bit Red Hat Enterprise Linux 5 environments.\nFollowing many hours of engineering investigation and analysis, Red Hat has determined that introducing changes to the Red Hat Enterprise Linux 5 environment would destabilize customer deployments and violate our application binary interface (ABI) and kernel ABI commitments to customers who rely on Red Hat Enterprise Linux 5 to be absolutely stable.\nAlthough Red Hat has delivered patches to mitigate the Meltdown vulnerability in other supported product offerings, the 32-bit Red Hat Enterprise Linux 5 environment presents unique challenges. The combination of limited address space in 32-bit environments plus the mechanism for passing control from the userspace to kernel and limitations on the stack during this transfer make the projected changes too invasive and disruptive for deployments that require the highest level of system stability. By contrast, 32-bit Meltdown mitigations have been delivered for Red Hat Enterprise Linux 6, where the changes are far less invasive and risky.",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5754\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5754\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5754"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.",
            "A buffer overflow flaw was found in the way the Minibox PicoLCD driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise\nLinux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3186"
        ],
        "name": "CVE-2014-3186",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
            "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1283\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1283"
        ],
        "name": "CVE-2018-1283",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2010-09-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option."
        ],
        "upstream_fix": "jQuery UI 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5312"
        ],
        "name": "CVE-2010-5312",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8782\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8782"
        ],
        "name": "CVE-2015-8782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41."
        ],
        "upstream_fix": "nss 3.36.6, nss 3.40.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12404\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12404"
        ],
        "name": "CVE-2018-12404",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",
            "A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8666"
        ],
        "name": "CVE-2016-8666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.",
            "A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to a misplaced strncpy and off-by-one errors. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13305\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13305"
        ],
        "name": "CVE-2019-13305",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server."
        ],
        "statement": "This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.\nIf using OCP 3.6 make sure atomic-openshift-3.6.173.0.128-1.git.0.8da0828.el7 or later is installed on the master.",
        "upstream_fix": "git 2.13.7, git 2.15.2, git 2.16.4, git 2.17.1, git 2.14.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11235\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11235\nhttps://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html"
        ],
        "name": "CVE-2018-11235",
        "mitigation": {
            "value": "Don't create OCP source-to-image applications from source code repositories hosted by untrusted parties. Github is blocking users from pushing repositories with malicious submodules so it's less likely you can pull a malicious repository from there which triggers this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.",
            "An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19332\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19332\nhttps://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/\nhttps://www.openwall.com/lists/oss-security/2019/12/16/1"
        ],
        "name": "CVE-2019-19332",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
            "Null pointer reference in some Intel(R) Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user to potentially enable a denial of service via local access."
        ],
        "statement": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12364\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "name": "CVE-2020-12364",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-312",
        "details": [
            "If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jurgen Gaeremyn as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6794\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6794\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794"
        ],
        "name": "CVE-2020-6794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 10.0.23, mariadb 5.5.47, mysql 5.7.10, mysql 5.5.47, mysql 5.6.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0597\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0597\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0597",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
        ],
        "statement": "This issue affects the versions of polkit as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of polkit as shipped with Red Hat Virtualization 4. System users beyond those created at installation time are typically not used in Red Hat Virtualization Hypervisor or Management Appliance hosts, nor is there any opportunity to accidentally or maliciously create a user with a dangerous uid/gid on these systems under normal operation. For Red Hat Virtualization, this vulnerability has been rated as having a security impact of Low. Future updates may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19788\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19788"
        ],
        "name": "CVE-2018-19788",
        "mitigation": {
            "value": "Do not allow negative UIDs or UIDs greater than 2147483647.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5582\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5582\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5582",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.",
            "A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1782\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1782\nhttp://www.libssh2.org/adv_20150311.html"
        ],
        "name": "CVE-2015-1782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.",
            "It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group."
        ],
        "acknowledgement": "This issue was discovered by Hubert Kario (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8635\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8635"
        ],
        "name": "CVE-2016-8635",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-01-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mitchell Harper as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8641\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8641\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-06.html"
        ],
        "name": "CVE-2014-8641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",
            "A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information."
        ],
        "statement": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that has secret dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
        "acknowledgement": "Red Hat would like to thank Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE; Cuba), Billy Bob Brumley, Cesar Pereida Garcia, Nicola Tuveri (Tampere University of Technology; Finland), and Sohaib ul Hassan for reporting this issue.",
        "upstream_fix": "openssl 1.1.0i, openssl 1.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5407\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt"
        ],
        "name": "CVE-2018-5407",
        "mitigation": {
            "value": "At this time Red Hat Engineering is working on patches for openssl package in Red Hat Enterprise Linux 7 to address this issue.  Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads are and act accordingly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).",
            "A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory."
        ],
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7701\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7701\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner\nhttps://github.com/ntp-project/ntp/blob/stable/NEWS#L91"
        ],
        "name": "CVE-2015-7701",
        "mitigation": {
            "value": "Disable NTP autokey authentication by removing, or commenting out, all configuration directives beginning with the 'crypto' keyword in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.",
            "It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000380\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000380"
        ],
        "name": "CVE-2017-1000380",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10."
        ],
        "upstream_fix": "gnutls 3.5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7869\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7869\nhttps://www.gnutls.org/security.html#GNUTLS-SA-2017-3"
        ],
        "name": "CVE-2017-7869",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x before 1.10.10 allows remote attackers to cause a denial of service (application crash) via a crafted packet that leverages split memory ownership between the SDP and RTP dissectors."
        ],
        "upstream_fix": "wireshark 1.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6421\nhttps://www.wireshark.org/security/wnpa-sec-2014-12.html"
        ],
        "name": "CVE-2014-6421",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process.",
            "An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process."
        ],
        "acknowledgement": "Red Hat would like to thank the Pidgin project for reporting this issue.",
        "upstream_fix": "pidgin 2.12.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2640\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2640"
        ],
        "name": "CVE-2017-2640",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.",
            "A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory."
        ],
        "upstream_fix": "samba 4.4.10, samba 4.5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9461\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9461"
        ],
        "name": "CVE-2017-9461",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the verison of wireshark as shipped with Red Hat Enterprise Linux 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6.",
        "upstream_fix": "wireshark 1.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6244\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6244\nhttps://www.wireshark.org/security/wnpa-sec-2015-24"
        ],
        "name": "CVE-2015-6244",
        "mitigation": {
            "value": "This flaw can be mitigated in wireshark by disabling the ZigBee protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for \"ZigBee\" and disable in. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add \"ZigBee\" to it. This should disable the ZigBee protocol.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file."
        ],
        "upstream_fix": "jasper 1.900.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9388\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9388"
        ],
        "name": "CVE-2016-9388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-194",
        "details": [
            "OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.",
            "An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak."
        ],
        "upstream_fix": "ocaml 4.03.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8869\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8869"
        ],
        "name": "CVE-2015-8869",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.",
            "A flaw was found in ImageMagick version 7.0.8-50 Q16, containing memory leaks of AcquireMagickMemory due to the mishandling of the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c. It was discovered that ImageMagick does not properly release acquired memory in function MogrifyImageList() when some error conditions are met, or the \"compare\" option is used. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13309\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13309"
        ],
        "name": "CVE-2019-13309",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows \"Write overflow in data2vp_wimax()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.",
            "An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10984\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10984\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10984",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit BMP in which one or more of the color indices is out of range for the number of palette entries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14498\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14498"
        ],
        "name": "CVE-2018-14498",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-12-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.",
            "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body."
        ],
        "upstream_fix": "tomcat 9.0.0.M15, tomcat 6.0.50, tomcat 8.5.9, tomcat 7.0.75, tomcat 8.0.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8745\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8745\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
        ],
        "name": "CVE-2016-8745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1762\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1762"
        ],
        "name": "CVE-2016-1762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-55, ImageMagick 7.0.8-54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17540\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17540"
        ],
        "name": "CVE-2019-17540",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7498\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7498"
        ],
        "name": "CVE-2015-7498",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-266|CWE-250)",
        "details": [
            "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"",
            "It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10143\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10143"
        ],
        "name": "CVE-2019-10143",
        "mitigation": {
            "value": "Add `su radiusd:radiusd` to all log sections in /etc/logrotate.d/radiusd.\nBy keeping SELinux in \"Enforcing\" mode, radiusd user will be limited in the directories he can write to.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function."
        ],
        "upstream_fix": "mod_auth_mellon 0.14.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3877\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3877"
        ],
        "name": "CVE-2019-3877",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.",
            "An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel. A denial of service due to the NULL pointer dereference can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork."
        ],
        "upstream_fix": "kernel 4.18-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13095\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13095"
        ],
        "name": "CVE-2018-13095",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding.  NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
            "A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers."
        ],
        "statement": "This issue affects the versions of the httpd package as shipped with Red Hat JBoss Enterprise Application Platform 6; and Red Hat JBoss Web Server 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Certificate System does not use the mod_headers module, even when installed, and is thus not affected by this flaw.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat JBoss Enterprise Application Platform 5 and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "httpd 2.4.11, httpd 2.2.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-5704\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5704"
        ],
        "name": "CVE-2013-5704",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mirko Brodesser as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17005\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17005\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005"
        ],
        "name": "CVE-2019-17005",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.",
            "It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the ReadPCLImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash.\nAn attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory."
        ],
        "upstream_fix": "ImageMagick 6.9.10-35, ImageMagick 7.0.8-35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12976\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12976"
        ],
        "name": "CVE-2019-12976",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",
            "A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS)."
        ],
        "acknowledgement": "This issue was discovered by Alex Williamson (Red Hat Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3882\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3882"
        ],
        "name": "CVE-2019-3882",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "A flaw was found in Mozilla Firefox and Thunderbird. When running shutdown code for Web Worker, a race condition occurs leading to a use-after-free memory flaw that could lead to an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12387\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387"
        ],
        "name": "CVE-2020-12387",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3885\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3885\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3885",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.",
            "It was found that the fix for CVE-2018-14648 was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10171\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10171"
        ],
        "name": "CVE-2019-10171",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000876\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000876"
        ],
        "name": "CVE-2018-1000876",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.",
            "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9636\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
        ],
        "name": "CVE-2016-9636",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nFor RHEL 5 and RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",
            "A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9401\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9401"
        ],
        "name": "CVE-2016-9401",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.",
            "A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest."
        ],
        "statement": "This issue does not affect the versions of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5, the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6 and the Red Hat Enterprise Linux 6 based qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3, because they did not backport the upstream commit that introduced this issue.\nThis issue does affect the versions of qemu-kvm packages as shipped with Red Hat Enterprise Linux 7 and versions of Red Hat Enterprise Linux 7 based qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases will address this flaw.",
        "acknowledgement": "This issue was discovered by Kevin Wolf (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5154\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5154"
        ],
        "name": "CVE-2015-5154",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file."
        ],
        "upstream_fix": "gcab 1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5345\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5345"
        ],
        "name": "CVE-2018-5345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document.",
            "It was found that ghostscript function .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could, in the context of the gs process, retrieve file content on the target machine."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7977\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7977"
        ],
        "name": "CVE-2016-7977",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13078\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13078\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13078",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
            "It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "upstream_fix": "httpd 2.2.32, httpd 2.4.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5387\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5387\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\nhttps://httpoxy.org/\nhttps://www.apache.org/security/asf-httpoxy-response.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-5387"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.",
            "A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash."
        ],
        "upstream_fix": "openssl 1.0.1q, openssl 0.9.8zh, openssl 1.0.2e, openssl 1.0.0t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3195\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3195\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476->CWE-665",
        "details": [
            "The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.",
            "A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7. Due to the limited security impact the issue is currently not planned to be addressed in Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5283\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5283"
        ],
        "name": "CVE-2015-5283",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6805\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6805\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805"
        ],
        "name": "CVE-2020-6805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8683\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8683\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8683",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7927\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7927"
        ],
        "name": "CVE-2016-7927",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Kohlbrenner as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5407\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407"
        ],
        "name": "CVE-2017-5407",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5459\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5459\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5459"
        ],
        "name": "CVE-2017-5459",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.",
            "A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters.",
        "upstream_fix": "samba 4.3.6, samba 4.1.23, samba 4.4.0rc4, samba 4.2.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7560\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7560\nhttps://www.samba.org/samba/security/CVE-2015-7560.html"
        ],
        "name": "CVE-2015-7560",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8680\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8680\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8680",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.",
            "A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion."
        ],
        "acknowledgement": "This issue was discovered by Simo Sorce (Red Hat).",
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8631\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8631"
        ],
        "name": "CVE-2015-8631",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition.",
            "In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the version of Linux kernel package as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000004\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000004"
        ],
        "name": "CVE-2018-1000004",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an <ex:serializable> element.",
            "A flaw was discovered in the Apache XML-RPC (ws-xmlrpc) library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a <ex:serializable> element."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5003\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5003"
        ],
        "name": "CVE-2016-5003",
        "mitigation": {
            "value": "Setting enabledForExtensions is false by default, thus <ex:serializable> elements are not automatically deserialized. However, if you have it enabled and you don't need any of the provided functions (https://ws.apache.org/xmlrpc/extensions.html) we suggest you disable it.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12372\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12372"
        ],
        "name": "CVE-2018-12372",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5102\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5102\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102"
        ],
        "name": "CVE-2018-5102",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8743\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8743\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8743",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7984\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7984"
        ],
        "name": "CVE-2016-7984",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7210\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7210\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-138.html"
        ],
        "name": "CVE-2015-7210",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.",
            "A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly leading to privilege escalation or a system crash."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5829\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5829"
        ],
        "name": "CVE-2016-5829",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.",
            "It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo."
        ],
        "acknowledgement": "Red Hat would like to thank Grisha Levit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7091\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7091"
        ],
        "name": "CVE-2016-7091",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-331",
        "details": [
            "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.",
            "It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2625"
        ],
        "name": "CVE-2017-2625",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "Only local users, including unprivileged users in a container, can trigger this flaw. However, the impact could be high, especially on multi-tenant systems, because after the attack the system is rendered inaccessible for some time (at least until reboot), so the impact has been increased to Important.",
        "acknowledgement": "Red Hat would like to thank Dr. David Alan Gilbert (redhat.com) for reporting this issue.",
        "upstream_fix": "Linux kernel 5.9-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14385\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14385\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933"
        ],
        "name": "CVE-2020-14385",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.",
            "A flaw was found in freerdp in versions prior to version 2.0.0-rc4. An integer truncation that leads to a heap-based buffer overflow in the update_read_bitmap_update() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8786\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8786"
        ],
        "name": "CVE-2018-8786",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
            "Firefox proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a `file:` URI, bypassing configured proxy settings. This issue only affects OS X in default configuration; on Linux systems, autofs must also be installed for the vulnerability to occur."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16541\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16541\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541"
        ],
        "name": "CVE-2017-16541",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.",
            "A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9444\nhttps://kb.isc.org/article/AA-01441"
        ],
        "name": "CVE-2016-9444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.35, mariadb 10.2.15, mariadb 5.5.60, mariadb 10.1.33, mysql 5.7.22, mysql 5.6.40, mysql 5.5.60",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2761\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2761\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2761",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow."
        ],
        "upstream_fix": "jasper 1.900.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10249\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10249"
        ],
        "name": "CVE-2016-10249",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3231\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3231"
        ],
        "name": "CVE-2017-3231",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4860\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4860\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4860",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4882\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4882\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4882",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method.",
            "It was discovered that the abrt-dbus D-Bus service did not properly check the validity of the problem directory argument in the ChownProblemDir, DeleteElement, and DeleteProblem methods. A local attacker could use this flaw take ownership of arbitrary files and directories, or to delete files and directories as the root user."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3150\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3150"
        ],
        "name": "CVE-2015-3150",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.",
            "It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8710\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8710"
        ],
        "name": "CVE-2015-8710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3861\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3861\nhttps://www.libssh2.org/CVE-2019-3861.html"
        ],
        "name": "CVE-2019-3861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8558\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8558"
        ],
        "name": "CVE-2019-8558",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",
            "A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libxml2.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1819\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1819"
        ],
        "name": "CVE-2015-1819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.",
            "A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation."
        ],
        "statement": "This issue does not affect Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG 2.\nFuture Linux kernel updates for Red Hat Enterprise Linux 6 and 7 may address\nthis issue.",
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Parallels) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5045\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5045"
        ],
        "name": "CVE-2014-5045",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.",
            "A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options."
        ],
        "upstream_fix": "git 2.8.5, git 2.5.6, git 2.4.12, git 2.11.2, git 2.9.4, git 2.12.3, git 2.10.3, git 2.6.7, git 2.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8386\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8386"
        ],
        "name": "CVE-2017-8386",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",
            "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12192\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12192\nhttp://seclists.org/oss-sec/2017/q4/63"
        ],
        "name": "CVE-2017-12192",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8601\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8601\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552->CWE-200",
        "details": [
            "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.",
            "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3811"
        ],
        "name": "CVE-2019-3811",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.",
            "A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. The flushing of these structures helps to prevent SpectreRSB like attacks which may leak information from one user process to another. An unprivileged user could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects versions of the kernel package as shipped with Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\nThis issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18660\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18660"
        ],
        "name": "CVE-2019-18660",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a device was changed while a stream was about to be destroyed, the `stream-reinit` task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges C.M.Chang as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6807\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6807\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807"
        ],
        "name": "CVE-2020-6807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file."
        ],
        "upstream_fix": "php 7.1.13, php 7.2.1, php 7.0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5712\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5712"
        ],
        "name": "CVE-2018-5712",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.",
            "A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0816\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0816\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-33.html"
        ],
        "name": "CVE-2015-0816",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2756\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2756"
        ],
        "name": "CVE-2020-2756",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.",
            "It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0181\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0181"
        ],
        "name": "CVE-2014-0181",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1840\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1840"
        ],
        "name": "CVE-2016-1840",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.",
            "A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3718\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3718"
        ],
        "name": "CVE-2016-3718",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7941\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7941"
        ],
        "name": "CVE-2015-7941",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5312"
        ],
        "name": "CVE-2015-5312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5445\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5445\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5445"
        ],
        "name": "CVE-2017-5445",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3738\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3738\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3738",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.",
            "Missing increments of the recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3705"
        ],
        "name": "CVE-2016-3705",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appears to be exploitable when the victim browses to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000078\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000078\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000078",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9200\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9200"
        ],
        "name": "CVE-2019-9200",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15856"
        ],
        "name": "CVE-2018-15856",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
            "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions."
        ],
        "statement": "Based on the fact that digest authentication is rarely used in modern day web applications and the httpd package shipped with Red Hat products does not ship a threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0217\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0217\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0217",
        "mitigation": {
            "value": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation.  In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
            "A flaw was found in the alarm_timer_nsleep() function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe() function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13053\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13053"
        ],
        "name": "CVE-2018-13053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.",
            "A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS."
        ],
        "statement": "This flaw was fixed in upstream nss-3.47. Exploitation of this flaw is difficult and even impossible in most cases.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "nss 3.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11756\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11756\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes"
        ],
        "name": "CVE-2019-11756",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2430\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2430\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2430",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "There is an illegal address access in the _lou_getALine function in compileTranslationTable.c:346 in Liblouis 3.2.0.",
            "Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13738\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13738"
        ],
        "name": "CVE-2017-13738",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16402\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16402"
        ],
        "name": "CVE-2018-16402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "There is an issue in grub2 before version 2.06 in the function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceeding with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.",
            "A flaw was found in grub2. An expected font value is not verified before proceeding with buffer allocations allowing an attacker to use a malicious font file to create an arithmetic overflow, zero-sized allocation, and further heap-based buffer overflow. The highest threat from this vulnerability is to data integrity and system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14310\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14310"
        ],
        "name": "CVE-2020-14310",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.",
            "A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8160\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8160"
        ],
        "name": "CVE-2014-8160",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.",
            "It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.0.20, postgresql 9.1.16, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3167"
        ],
        "name": "CVE-2015-3167",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9663\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9663"
        ],
        "name": "CVE-2014-9663",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.",
            "A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12888\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12888"
        ],
        "name": "CVE-2020-12888",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:N/AC:H/Au:M/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 10.0.23, mariadb 5.5.47, mysql 5.5.47, mysql 5.7.10, mysql 5.6.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0609\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0609\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0609",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8897\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8897\nhttp://seclists.org/oss-sec/2016/q2/459\nhttp://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466"
        ],
        "name": "CVE-2015-8897",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6502\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6502\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6502",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c."
        ],
        "statement": "This issue affects the versions of php as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9024\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9024"
        ],
        "name": "CVE-2019-9024",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.",
            "A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because it affects only specific hardware enabled systems.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18808\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18808"
        ],
        "name": "CVE-2019-18808",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module ccp. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB."
        ],
        "upstream_fix": "mariadb 5.5.46, mariadb 10.1.8, mariadb 10.0.22, mysql 5.5.46, mysql 5.6.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4861\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4861\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML."
        ],
        "upstream_fix": "mariadb 5.5.50, mariadb 10.0.26, mariadb 10.1.15, mysql 5.6.31, mysql 5.5.50, mysql 5.7.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3615\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3615\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-3615",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
            "A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list that can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. As this issue is rated as Important, it has been scheduled to be fixed in future updates for the respective releases.",
        "acknowledgement": "Red Hat would like to thank Alexander Popov for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2636\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2636\nhttps://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html\nhttps://access.redhat.com/security/vulnerabilities/CVE-2017-2636"
        ],
        "csaw": true,
        "name": "CVE-2017-2636",
        "mitigation": {
            "value": "The n_hdlc kernel module will be automatically loaded when an application attempts to use the HDLC line discipline from userspace. This module can be prevented from being loaded by using the system-wide modprobe rules. The following command, run as root, will prevent accidental or intentional loading of the module. Red Hat Product Security believe this method is a robust method to prevent accidental loading of the module, even by privileged users.\n# echo \"install n_hdlc /bin/true\" >> /etc/modprobe.d/disable-n_hdlc.conf\nThe system will need to be restarted if the n_hdlc modules are already loaded. In most circumstances, the n_hdlc kernel modules will be unable to be unloaded if in use and while any current process using this line discipline is required.\nExploiting this flaw does not require Microgate or SyncLink hardware to be in use.\nIf further assistance is needed, see this KCS article ( https://access.redhat.com/solutions/41278 ) or contact Red Hat Global Support Services.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file."
        ],
        "statement": "Red Hat Product Security has rated this issue as having security impact of Low, a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11656\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11656"
        ],
        "name": "CVE-2018-11656",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8586\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8586\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8586",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.13, mariadb 10.1.31, mariadb 5.5.59, mariadb 10.0.34, mysql 5.7.20, mysql 5.6.39, mysql 5.5.59",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2562\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2562\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        ],
        "name": "CVE-2018-2562",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.",
            "An out-of-bounds heap read flaw was found in GStreamer's MPEG-TS decoder. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9812\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9812"
        ],
        "name": "CVE-2016-9812",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key."
        ],
        "upstream_fix": "mariadb 5.5.41, mariadb 10.0.16, mysql 5.5.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0432\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0432\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0432",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17183"
        ],
        "name": "CVE-2018-17183",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Shinto K Anto as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7193\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7193\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-127.html"
        ],
        "name": "CVE-2015-7193",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image."
        ],
        "upstream_fix": "jasper 1.900.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2089\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2089"
        ],
        "name": "CVE-2016-2089",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.",
            "A shell command injection flaw was found in the way the setroubleshoot allow_execmod plugin executed external commands. A local attacker able to trigger an execmod SELinux denial could use this flaw to execute arbitrary code with root privileges."
        ],
        "acknowledgement": "This issue was discovered by Milos Malik (Red Hat).",
        "upstream_fix": "setroubleshoot-plugins 3.2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4444"
        ],
        "name": "CVE-2016-4444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.",
            "A buffer overflow due to a signed-unsigned comparison was found in hidp_process_report() in net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int, which in certain conditions can lead to a system panic and a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9363\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9363"
        ],
        "name": "CVE-2018-9363",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2767\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2767"
        ],
        "name": "CVE-2020-2767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zurich) and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28693\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28693\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html"
        ],
        "name": "CVE-2022-28693",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Security Response Team.",
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2398\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2398\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2398",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permissions on a copy of the sosreport file in problem directories, which allows local users to obtain sensitive information from /var/log/messages via unspecified vectors.",
            "It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged users from accessing any crash reports, even reports of crashes of processes owned by those users. Only administrators (the wheel group members) are allowed to access crash reports via the \"System\" tab in the ABRT GUI, or by running abrt-cli as root (that is, via \"sudo abrt-cli\" or \"su -c abrt-cli\")."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1870\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1870"
        ],
        "name": "CVE-2015-1870",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7194\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-128.html"
        ],
        "name": "CVE-2015-7194",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-835",
        "details": [
            "Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.",
            "A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12663\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12663"
        ],
        "name": "CVE-2020-12663",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-119",
        "details": [
            "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.",
            "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Arjun Shankar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1781\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1781"
        ],
        "name": "CVE-2015-1781",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.",
            "A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell."
        ],
        "upstream_fix": "zsh 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7549\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7549"
        ],
        "name": "CVE-2018-7549",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.",
            "An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nThis issue has been rated as having Low security impact and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9419\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9419"
        ],
        "name": "CVE-2014-9419",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity of information as well as availability of the system."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11758\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11758\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758"
        ],
        "name": "CVE-2019-11758",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.",
            "A flaw was found in GNU patch through version 2.7.6. Strings beginning with an exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20969\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20969\nhttps://seclists.org/bugtraq/2019/Aug/29"
        ],
        "name": "CVE-2018-20969",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
            "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8890\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8890"
        ],
        "name": "CVE-2017-8890",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.",
            "It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space."
        ],
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0774\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0774"
        ],
        "name": "CVE-2016-0774",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.",
            "A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user."
        ],
        "upstream_fix": "cloud-init 20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8631\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8631"
        ],
        "name": "CVE-2020-8631",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-185",
        "details": [
            "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection."
        ],
        "acknowledgement": "Red Hat would like to thank Hugo van der Sanden and Slaven Rezic for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10878\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10878"
        ],
        "name": "CVE-2020-10878",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-30T12:53:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",
            "A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in the mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service (system crash) or execute arbitrary code."
        ],
        "statement": "This flaw is currently rated as Important as it is possible for an attacker to set up a wifi access point with an identical configuration in another location, have the system auto-connect to it, and possibly exploit the system.",
        "acknowledgement": "Red Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3846\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3846\nhttps://seclists.org/oss-sec/2019/q2/133"
        ],
        "name": "CVE-2019-3846",
        "mitigation": {
            "value": "This flaw requires a system with a Marvell wifi network card to be attempting to connect to an attacker-controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively, if wireless networking is not used, the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:H/Au:M/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.",
            "A vulnerability was found in libarchive. An attempt to create an ISO9660 volume with 2GB or 4GB filenames could cause the application to crash."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6250\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6250"
        ],
        "name": "CVE-2016-6250",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15859\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15859"
        ],
        "name": "CVE-2018-15859",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.",
            "A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5285\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5285"
        ],
        "name": "CVE-2016-5285",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadTXTImage in coders/txt.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted image file that is mishandled in a GetImageIndexInList call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18273\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18273"
        ],
        "name": "CVE-2017-18273",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7145\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7145"
        ],
        "name": "CVE-2014-7145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.",
            "It was discovered that snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000116\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000116\nhttps://sourceforge.net/p/net-snmp/bugs/2821/"
        ],
        "name": "CVE-2018-1000116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.",
            "A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3460\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3460"
        ],
        "name": "CVE-2019-3460",
        "mitigation": {
            "value": "- Disable the Bluetooth hardware in the BIOS.\n- Prevent loading of the Bluetooth kernel modules.\n- Disable the Bluetooth connection by putting the system in \"airport\" mode.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8649\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8649\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8649",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5157\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5157\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157"
        ],
        "name": "CVE-2018-5157",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.",
            "A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes."
        ],
        "acknowledgement": "Red Hat would like to thank Felix Dörre and Vladimir Klebanov for reporting this issue.",
        "upstream_fix": "gnupg 1.4.21, libgcrypt 1.6.6, libgcrypt 1.7.3, libgcrypt 1.5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6313\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6313\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html"
        ],
        "name": "CVE-2016-6313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML."
        ],
        "upstream_fix": "mariadb 5.5.42, mariadb 10.0.17, mysql 5.5.42, mysql 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0433\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0433\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0433",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8678\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8678\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8678",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\"",
            "A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3256\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3256"
        ],
        "name": "CVE-2015-3256",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "upstream_fix": "wireshark 1.12.2, wireshark 1.10.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8713\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8713\nhttps://www.wireshark.org/security/wnpa-sec-2014-22.html"
        ],
        "name": "CVE-2014-8713",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rh0 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5375\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5375\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375"
        ],
        "name": "CVE-2017-5375",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.",
            "A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6828"
        ],
        "name": "CVE-2016-6828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-674",
        "details": [
            "The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.",
            "Multiple flaws were found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of system resources."
        ],
        "acknowledgement": "Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting this issue.",
        "upstream_fix": "file 5.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8116\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8116"
        ],
        "name": "CVE-2014-8116",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0813\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0813\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-31.html"
        ],
        "name": "CVE-2015-0813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-617",
        "details": [
            "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"",
            "A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid."
        ],
        "acknowledgement": "Red Hat would like to thank Squid project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.",
        "upstream_fix": "squid 3.3.13, squid 3.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3609\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3609\nhttp://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
        ],
        "name": "CVE-2014-3609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10347\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10347"
        ],
        "name": "CVE-2017-10347",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.",
            "It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes."
        ],
        "acknowledgement": "Red Hat would like to thank Jeff Layton for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5229\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5229"
        ],
        "name": "CVE-2015-5229",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.",
            "A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this\nissue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8086\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8086"
        ],
        "name": "CVE-2014-8086",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451->CWE-347",
        "details": [
            "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1."
        ],
        "upstream_fix": "thunderbird 60.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18509\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18509"
        ],
        "name": "CVE-2018-18509",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2952\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2952"
        ],
        "name": "CVE-2018-2952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
            "It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3526\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3526\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8823\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8823\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8823",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2778\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2778"
        ],
        "name": "CVE-2020-2778",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4216\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4216\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4216",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7750\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7750\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750"
        ],
        "name": "CVE-2017-7750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive file, which triggers an out-of-bounds read or write.",
            "It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank Mahmoud Al-Qudsi (NeoSmart Technologies) for reporting this issue.",
        "upstream_fix": "hivex 1.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9273\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9273"
        ],
        "name": "CVE-2014-9273",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.",
            "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10923\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10923"
        ],
        "name": "CVE-2018-10923",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Michal Zalewski (Google) as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0289\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated."
        ],
        "upstream_fix": "mariadb 5.5.52, mariadb 10.0.28, mariadb 10.1.18, mysql 5.7.15, mysql 5.6.33, mysql 5.5.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5629\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5629\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-5629",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image."
        ],
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1867\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1867"
        ],
        "name": "CVE-2016-1867",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).",
            "It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2629\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2629"
        ],
        "name": "CVE-2018-2629",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.",
            "It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10845\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10845\nhttps://eprint.iacr.org/2018/747"
        ],
        "name": "CVE-2018-10845",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.",
            "A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system availability, are all at risk with this vulnerability."
        ],
        "statement": "The ppp packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw and limit its impact to crash only.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8597\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8597"
        ],
        "name": "CVE-2020-8597",
        "mitigation": {
            "value": "Red Hat is working on providing updated packages which patch this flaw. This flaw can only be mitigated by updating to these package versions. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw and limit its impact to crash only.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17022\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17022\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022"
        ],
        "name": "CVE-2019-17022",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.",
            "It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by David Howells (Red Hat).",
        "upstream_fix": "kernel 4.11-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9604\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9604"
        ],
        "name": "CVE-2016-9604",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.",
            "The \"lazy_initialize\" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17790\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17790"
        ],
        "name": "CVE-2017-17790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.",
            "It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections."
        ],
        "upstream_fix": "tomcat 7.0.59, tomcat 6.0.44, tomcat 8.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7810\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7810\nhttp://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17"
        ],
        "name": "CVE-2014-7810",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
            "If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9500\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9500\nhttps://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9500-heap-buffer-overflow-in-brcmf-wowl-nd-results\nhttps://kb.cert.org/vuls/id/166939/\nhttps://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/"
        ],
        "name": "CVE-2019-9500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. Each socket will be waited on by the worker for at most 'ioblocktimeout' seconds. However, this timeout applies only to un-encrypted requests. Connections using SSL/TLS do not take this timeout into account during reads, and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.",
            "It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.24, 389-ds-base 1.4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3883\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3883"
        ],
        "name": "CVE-2019-3883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the \"word_lineno\" issue.",
            "An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash."
        ],
        "statement": "Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7187\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7187"
        ],
        "name": "CVE-2014-7187",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-11T18:47:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.",
            "A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw appears to impact systems in special cases involving installing flatpak applications and runtimes system-wide. Installation of flatpak applications and runtimes locally should not be impacted.",
        "upstream_fix": "flatpak 1.0.7, flatpak 1.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8308\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8308"
        ],
        "name": "CVE-2019-8308",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2945\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2945"
        ],
        "name": "CVE-2019-2945",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-05T05:43:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",
            "A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to escalate their privileges."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, Red Hat Enterprise MRG 2 and real-time kernels. Future updates for the respective releases may address this issue.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.",
        "acknowledgement": "Red Hat would like to thank Mohamed Ghannam for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8824\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8824"
        ],
        "name": "CVE-2017-8824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.",
            "A missing return statement in the receive() function could potentially allow a remote attacker to bypass NTP's authentication mechanism."
        ],
        "statement": "This issue did not affect the versions of ntpd as shipped with Red Hat Enterprise Linux 4 and 5.  It has been addressed in Red Hat Enterprise Linux 6 and 7 via RHSA-2014:2024.",
        "upstream_fix": "ntp 4.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9296\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9296\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#receive_missing_return_on_error\nhttps://access.redhat.com/articles/1305723"
        ],
        "name": "CVE-2014-9296",
        "mitigation": {
            "value": "Remove or comment out all configuration directives beginning with the crypto keyword in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.",
            "A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Olivier Fourdan (Red Hat).",
        "upstream_fix": "xorg-x11-server 1.17.1, xorg-x11-server 1.16.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0255\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0255\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"
        ],
        "name": "CVE-2015-0255",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
            "A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat."
        ],
        "upstream_fix": "Kernel 6.4-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3609\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3609\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc"
        ],
        "name": "CVE-2023-3609",
        "mitigation": {
            "value": "To mitigate this issue, prevent module cls_u32 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.",
            "A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this vulnerability as the shipped version of patch did not carry the code that introduced this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13638\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13638"
        ],
        "name": "CVE-2019-13638",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",
            "A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This is a flaw in the GENERAL_NAME_cmp function of openssl which can be triggered when both its arguments are of the same type i.e. EDIPARTYNAME. \n1. Red Hat does not ship any applications compiled with openssl, which used the above function in a vulnerable way.\n2. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes, when comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate and when verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then a crash may be triggered.\nThird party applications compiled with openssl using the function GENERAL_NAME_cmp in a vulnerable way are affected by this flaw.\nGENERAL_NAME_cmp was added in 0.9.8k, therefore older versions of openssl are not affected by this flaw.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google) as the original reporter.",
        "upstream_fix": "openssl 1.1.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1971\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1971\nhttps://www.openssl.org/news/secadv/20201208.txt"
        ],
        "name": "CVE-2020-1971",
        "mitigation": {
            "value": "Applications not using the GENERAL_NAME_cmp of openssl are not vulnerable to this flaw. Even when this function is used, if the attacker can control both the arguments of this function, only then the attacker could trigger a crash.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-185",
        "details": [
            "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls."
        ],
        "acknowledgement": "Red Hat would like to thank Sergey Aleynikov for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12723\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12723"
        ],
        "name": "CVE-2020-12723",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument."
        ],
        "acknowledgement": "Red Hat would like to thank GnuTLS upstream for reporting this issue.",
        "upstream_fix": "libtasn1 3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3469\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3469"
        ],
        "name": "CVE-2014-3469",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.",
            "A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6908\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6908"
        ],
        "name": "CVE-2015-6908",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling."
        ],
        "statement": "This issue affects the versions of mysql and mysql55 packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue affects the version of mariadb and mariadb55 packages as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.",
        "upstream_fix": "mariadb 10.0.18, mariadb 5.5.43, mysql 5.6.24, mysql 5.5.43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0501\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0501\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0501",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.",
            "It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7545\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7545"
        ],
        "name": "CVE-2016-7545",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
            "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5010\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5010\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
        ],
        "name": "CVE-2019-5010",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-833",
        "details": [
            "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.",
            "The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18232\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18232"
        ],
        "name": "CVE-2017-18232",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022."
        ],
        "upstream_fix": "php 5.6.10, php 5.4.42, php 5.5.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4643\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4643"
        ],
        "name": "CVE-2015-4643",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.",
            "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3212"
        ],
        "name": "CVE-2015-3212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Lawrence of Chrome Security as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5408\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5408\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408"
        ],
        "name": "CVE-2017-5408",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Christian Holler, Diego Calleja, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12405\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405"
        ],
        "name": "CVE-2018-12405",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8781\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8781"
        ],
        "name": "CVE-2015-8781",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-09-07T08:25:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the \"Routing decision\" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A flaw was found in the \"Routing decision\" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact (Red Hat Enterprise Linux 7 and lower) because of the need to have CAP_NET_ADMIN privileges and that Red Hat Enterprise Linux 7 disabled unprivileged user/network namespaces by default.\nThis flaw is rated as having Important impact (Red Hat Enterprise Linux 8) because Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to gain CAP_NET_ADMIN privileges in corresponding user namespace even for otherwise unprivileged local user and thus exercise this vulnerability.",
        "acknowledgement": "Red Hat would like to thank Zhenpeng Lin for reporting this issue.",
        "upstream_fix": "Kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3715\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3715\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359"
        ],
        "name": "CVE-2021-3715",
        "mitigation": {
            "value": "In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module cls_route.ko. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278.\nAlternatively, if cls_route is being used, on Red Hat Enterprise Linux 8, you can disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.",
            "It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users."
        ],
        "statement": "This issue did not affect versions of subversion as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Apache Software Foundation for reporting this issue.",
        "upstream_fix": "Subversion 1.7.21, Subversion 1.8.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3184\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3184\nhttp://subversion.apache.org/security/CVE-2015-3184-advisory.txt"
        ],
        "name": "CVE-2015-3184",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.",
            "A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16994\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16994"
        ],
        "name": "CVE-2019-16994",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7149\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7149"
        ],
        "name": "CVE-2019-7149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15694\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15694"
        ],
        "name": "CVE-2019-15694",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.",
            "A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. This flaw allows an attacker with physical access to the system to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the physical access needed to trigger this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15221"
        ],
        "name": "CVE-2019-15221",
        "mitigation": {
            "value": "To mitigate this issue, prevent module snd-usb-line6 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5264\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5264\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-79.html"
        ],
        "name": "CVE-2016-5264",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.",
            "A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9806\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9806"
        ],
        "name": "CVE-2016-9806",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1526\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1526\nhttp://www.talosintel.com/reports/TALOS-2016-0061/"
        ],
        "name": "CVE-2016-1526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.",
            "It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt."
        ],
        "upstream_fix": "git 1.9.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9938\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9938"
        ],
        "name": "CVE-2014-9938",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",
            "A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
        ],
        "statement": "In the OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy enabled (by default) on the OCP cluster nodes.\nRed Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.\n1. https://access.redhat.com/solutions/499473",
        "acknowledgement": "Red Hat would like to thank Kevin Wang (Huawei) and Yiqi Sun (Nebula Lab) for reporting this issue.",
        "upstream_fix": "kernel 5.17 rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0492\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0492\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
        ],
        "name": "CVE-2022-0492",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.",
            "A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server."
        ],
        "statement": "This is a protocol flaw which affects IKEv1. All complaint implementations are therefore affected by this flaw. Red Hat Product Security team, does not consider IKEv2 to be affected. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2",
        "upstream_fix": "libreswan 3.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5361\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5361"
        ],
        "name": "CVE-2016-5361",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.",
            "A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions."
        ],
        "upstream_fix": "mailman 2.1.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5950\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5950"
        ],
        "name": "CVE-2018-5950",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.",
            "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution."
        ],
        "upstream_fix": "Chrome 53.0.2785.89",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5159\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5159\nhttps://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
        ],
        "name": "CVE-2016-5159",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-22",
        "details": [
            "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.",
            "A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive."
        ],
        "acknowledgement": "Red Hat would like to thank Insomnia Security for reporting this issue.",
        "upstream_fix": "libarchive 3.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5418\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5418\nhttp://seclists.org/oss-sec/2016/q3/255"
        ],
        "name": "CVE-2016-5418",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.3.0, LibreOffice 6.2.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9850\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9850\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9850"
        ],
        "name": "CVE-2019-9850",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.",
            "It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.2.11, postgresql 9.0.20, postgresql 9.1.16, postgresql 9.3.7, postgresql 9.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3166\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3166"
        ],
        "name": "CVE-2015-3166",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS."
        ],
        "upstream_fix": "mariadb 5.5.49, mariadb 10.1.14, mariadb 10.0.25, mysql 5.6.30, mysql 5.5.49, mysql 5.7.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0647\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0647\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0647",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
            "A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact (Red Hat Enterprise Linux 7 and lower)  because of the need to have CAP_NET_ADMIN privileges.\nThis flaw is rated as having Important (Red Hat Enterprise Linux 8) impact because of the need to have CAP_NET_ADMIN privileges. Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to exercise this vulnerability.",
        "acknowledgement": "Red Hat would like to thank Will McVicker (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25211\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25211\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
        ],
        "name": "CVE-2020-25211",
        "mitigation": {
            "value": "To mitigate this issue, prevent module nf_conntrack_netlink from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.\nAlternatively, if nf_conntrack_netlink is being used, on Red Hat Enterprise Linux 8, you can disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-787|CWE-125)",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.",
            "A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy() function, that was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW() function. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or possibly execute code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13616\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13616"
        ],
        "name": "CVE-2019-13616",
        "mitigation": {
            "value": "If the application accepts untrusted BMP files there is no known mitigation apart from applying the patch.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7975\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7975"
        ],
        "name": "CVE-2016-7975",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1523\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1523\nhttp://www.talosintel.com/reports/TALOS-2016-0059/"
        ],
        "name": "CVE-2016-1523",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.",
            "A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jesse Schwartzentruber and Tyson Smith as the original reporters.",
        "upstream_fix": "nss 3.16.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1544\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1544\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
        ],
        "name": "CVE-2014-1544",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10373\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10373"
        ],
        "name": "CVE-2018-10373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file."
        ],
        "acknowledgement": "Red Hat would like to thank Gustavo Grieco for reporting this issue.",
        "upstream_fix": "jasper 1.900.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5203\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5203"
        ],
        "name": "CVE-2015-5203",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.",
            "A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Vincent Pelletier for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14633\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14633"
        ],
        "name": "CVE-2018-14633",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a \"type confusion\" issue.",
            "A flaws was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "php 5.5.23, php 5.6.7, php 5.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4148\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4148"
        ],
        "name": "CVE-2015-4148",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-400|CWE-122)",
        "details": [
            "A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.",
            "A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen and Wang Qize (ADLab of VenusTech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14901\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14901"
        ],
        "name": "CVE-2019-14901",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1547\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1547\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-56.html"
        ],
        "name": "CVE-2014-1547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jethro Beekman as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1555\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1555\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-61.html"
        ],
        "name": "CVE-2014-1555",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.2, libreoffice 5.0.0, libreoffice 4.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5213\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5213\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/\nhttp://www.openoffice.org/security/cves/CVE-2015-5213.html"
        ],
        "name": "CVE-2015-5213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11091\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11091"
        ],
        "csaw": true,
        "name": "CVE-2019-11091"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21123\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21123\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21123",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in the MEGACO dissector in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (infinite loop) via an empty line."
        ],
        "upstream_fix": "wireshark 1.10.10, wireshark 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6423\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6423\nhttps://www.wireshark.org/security/wnpa-sec-2014-13.html"
        ],
        "name": "CVE-2014-6423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416->CWE-476",
        "details": [
            "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.",
            "A flaw was found in the Linux kernel’s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19523\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19523"
        ],
        "name": "CVE-2019-19523",
        "mitigation": {
            "value": "As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install adutux /bin/true\" >> /etc/modprobe.d/disable-adutux.conf\nThe system will need to be restarted if the adutux module is loaded. In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with a manual subscription or unsubscription."
        ],
        "upstream_fix": "mutt 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14354\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14354"
        ],
        "name": "CVE-2018-14354",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-125)",
        "details": [
            "In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.",
            "A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information causing subsequent successful attacks."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14283\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14283\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6\nhttps://github.com/torvalds/linux/commit/da99466ac243f15fbba65bd261bfc75ffa1532b6"
        ],
        "name": "CVE-2019-14283",
        "mitigation": {
            "value": "The kernel module named 'floppy' contains the affected code; it can be blacklisted using the standard blacklisting techniques or disabled in the system's BIOS. See https://access.redhat.com/solutions/41278 for how to blacklist a kernel module.\nVirtualized guest systems can also remove the system from the guest's configuration to ensure that the module does not load.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Grant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5129\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5129\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5129"
        ],
        "name": "CVE-2018-5129",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. Note: this issue only occurs on Linux. Other operating systems are unaffected. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges crixer as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11693\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11693\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693"
        ],
        "name": "CVE-2019-11693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2593"
        ],
        "name": "CVE-2020-2593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",
            "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17006\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17006\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
        ],
        "name": "CVE-2019-17006",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
            "A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Jann Horn for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4565\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4565"
        ],
        "name": "CVE-2016-4565",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.",
            "A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash."
        ],
        "upstream_fix": "xerces-c 3.1.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0252\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
        ],
        "name": "CVE-2015-0252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5482\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5482"
        ],
        "name": "CVE-2017-5482",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file."
        ],
        "upstream_fix": "ImageMagick 6.9.10-42, ImageMagick 7.0.8-42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14980\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14980"
        ],
        "name": "CVE-2019-14980",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yaniv Frank (SophosLabs) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18500\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18500\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500"
        ],
        "name": "CVE-2018-18500",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.",
            "It was discovered that the ghostscript .tempfile function did not properly handle file permissions. An attacker could possibly exploit this to bypass the -dSAFER protection and delete files or disclose their content via a specially crafted PostScript document."
        ],
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15908\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15908\nhttp://seclists.org/oss-sec/2018/q3/142"
        ],
        "name": "CVE-2018-15908",
        "mitigation": {
            "value": "Please see https://bugzilla.redhat.com/show_bug.cgi?id=1619748#c3",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the startread function in xa.c in Sound eXchange (SoX) through 14.4.2, a corrupt header specifying zero channels triggers an infinite loop with a resultant NULL pointer dereference, which may allow a remote attacker to cause a denial-of-service.",
            "A NULL pointer dereference flaw was found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18189\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18189\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121"
        ],
        "name": "CVE-2017-18189",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-125)",
        "details": [
            "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."
        ],
        "upstream_fix": "thunderbird 68.2, firefox 68.2, expat 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15903\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15903"
        ],
        "name": "CVE-2019-15903",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6507\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6507"
        ],
        "name": "CVE-2014-6507",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.",
            "A vulnerability was found in libarchive. A specially crafted MTREE file could cause a small out-of-bounds read, potentially disclosing a small amount of application memory."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8925\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8925"
        ],
        "name": "CVE-2015-8925",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
            "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder."
        ],
        "upstream_fix": "tomcat 8.0.37, tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0762\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0762\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-0762",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "statement": "The original issue fixed by OpenSSL upstream contains two distinct fixes. The first one is a format string flaw in the internal fmtstr functions, which may result in a OOB read flaw when printing very large string. This issue was assigned CVE-2016-0799\nThe second issue relates to the internal doapr_outch function of OpenSSL. It can result in an OOB write, or cause memory leaks. This issue has been assigned CVE-2016-2842 by MITRE as is now tracked as https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2842",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2g, openssl 1.0.1s",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0799\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0799"
        ],
        "name": "CVE-2016-0799",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0704\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0704\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0704",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Olli Pettay, Philipp, Ralph Giles, Randell Jesup, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5125\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5125\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5125"
        ],
        "name": "CVE-2018-5125",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection."
        ],
        "statement": "* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include the vulnerable file search_opensearch.php.\n* This issue did not affect the versions of doxygen as shipped with Red Hat Enterprise Linux 8 as they already include the patched code.",
        "upstream_fix": "doxygen 1.8.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10245\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10245"
        ],
        "name": "CVE-2016-10245",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.",
            "A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its field “event” and “val” both contain 4 bytes padding. These 8 bytes padding bytes are sent to user without being initialized."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4578\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4578"
        ],
        "name": "CVE-2016-4578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17011\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17011\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011"
        ],
        "name": "CVE-2019-17011",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.4.7, mariadb 10.2.26, mariadb 5.5.65, mariadb 10.3.17, mariadb 10.1.41, mariadb-connector-c 3.1.3, mysql 5.7.30, mysql 8.0.20, mysql 5.6.48",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2007\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2007\nhttps://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"
        ],
        "name": "CVE-2021-2007",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.",
            "An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8709\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8709"
        ],
        "name": "CVE-2014-8709",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted mng file.",
            "An infinite loop has been found in the way ImageMagick reads Multiple-image Network Graphics (MNG) data. An attacker could exploit this to cause a denial of service via crafted MNG file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10177\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10177"
        ],
        "name": "CVE-2018-10177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to \"Diffie-Hellman key agreement.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4263\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4263\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4263",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-7595\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7595"
        ],
        "name": "CVE-2020-7595",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.",
            "A flaw was discovered in the way the python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw."
        ],
        "upstream_fix": "python-pillow 6.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16865\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16865"
        ],
        "name": "CVE-2019-16865",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7940\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7940"
        ],
        "name": "CVE-2016-7940",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer."
        ],
        "statement": "This issue affects the versions of mysql and mysql55 packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue affects the version of mariadb and mariadb55 packages as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.",
        "upstream_fix": "mariadb 5.5.43, mariadb 10.0.18, mysql 5.5.43, mysql 5.6.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2571\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2571\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-2571",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.",
            "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5597\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5597\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5597",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:H/Au:M/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option."
        ],
        "upstream_fix": "mariadb 10.1.9, mariadb 5.5.46, mariadb 10.0.22, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3471\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3471\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-3471",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-296",
        "details": [
            "When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chuck Harmston and Robert Hardy as the original reporters.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12421\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12421\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421"
        ],
        "name": "CVE-2020-12421",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5444\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5444\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5444"
        ],
        "name": "CVE-2017-5444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "Python 3.6.9, Python 3.5.7, Python 3.7.3, Python 3.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20852\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20852"
        ],
        "name": "CVE-2018-20852",
        "mitigation": {
            "value": "A potentially simple workaround in the absence of patch on affected versions is to set DomainStrict in the cookiepolicy that would make sure a literal match against domain. The disadvantage would be that cookie set on example.com would not be shared with subdomain which might break workflow.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
            "A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG and realtime kernels.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2053"
        ],
        "name": "CVE-2016-2053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
            "An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8176\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8176"
        ],
        "name": "CVE-2014-8176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",
            "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9674\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9674"
        ],
        "name": "CVE-2014-9674",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18897\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18897"
        ],
        "name": "CVE-2018-18897",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8506\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8506"
        ],
        "name": "CVE-2019-8506",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2737\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2737\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
            "A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser."
        ],
        "statement": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
        "upstream_fix": "jquery 3.5.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11022\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11022\nhttps://github.com/advisories/GHSA-gxr4-xjj5-5px2"
        ],
        "name": "CVE-2020-11022",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a \"deconfigured interpreter.\"",
            "A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code."
        ],
        "statement": "This issue did not affect PHP packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "php 5.6.8, php 5.5.24, php 5.4.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3330\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3330"
        ],
        "name": "CVE-2015-3330",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 5.5.45, mariadb 10.0.21, mysql 5.5.45, mysql 5.6.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4879\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4879\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4879",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.33, mariadb 5.5.60, mariadb 10.2.15, mariadb 10.0.35, mysql 8.0.14, mysql 5.6.43, mysql 5.7.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2455\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2455\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        ],
        "name": "CVE-2019-2455",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.",
            "A flaw was found in the Linux kernel's implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when the hci_uart_register_dev() fails."
        ],
        "statement": "This flaw is rated as a Moderate as it requires the local attacker to have permissions to issue ioctl commands to the bluetooth device and bluetooth hardware to be present.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15917\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15917"
        ],
        "name": "CVE-2019-15917",
        "mitigation": {
            "value": "To mitigate this issue, prevent module hci_uart from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8765\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8765\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8765",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.",
            "A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18360\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18360"
        ],
        "name": "CVE-2017-18360",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11713\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11713"
        ],
        "name": "CVE-2018-11713",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.",
            "A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code."
        ],
        "statement": "This issue did not affect the wpa_supplicant versions as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Jouni Malinen (wpa_supplicant upstream) for reporting this issue. Upstream acknowledges Alibaba security team as the original reporter.",
        "upstream_fix": "wpa_supplicant 2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1863\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1863\nhttp://w1.fi/security/2015-1/"
        ],
        "name": "CVE-2015-1863",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-201",
        "details": [
            "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.",
            "It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data."
        ],
        "statement": "This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code, which was introduced in later versions.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-7423\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7423"
        ],
        "name": "CVE-2013-7423",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Joe Vennix as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1590\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1590\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-85.html"
        ],
        "name": "CVE-2014-1590",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 5. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "This issue was discovered by Liu Wei (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3673"
        ],
        "name": "CVE-2014-3673",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-835",
        "details": [
            "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.",
            "A vulnerability was found in libarchive. A specially crafted ISO file could cause the application to consume resources until it hit a memory limit, leading to a crash or denial of service."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8930\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8930"
        ],
        "name": "CVE-2015-8930",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
            "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10388\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10388"
        ],
        "name": "CVE-2017-10388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8619\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8619\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8619",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving the 1Policy operator."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18284\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18284"
        ],
        "name": "CVE-2018-18284",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Julian Hector as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5456\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5456\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5456"
        ],
        "name": "CVE-2017-5456",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 7.0.7-39, ImageMagick 6.9.9-51",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16642\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16642"
        ],
        "name": "CVE-2018-16642",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10534\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10534"
        ],
        "name": "CVE-2018-10534",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10583\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10583"
        ],
        "name": "CVE-2018-10583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A use-after-free flaw was found in Mozilla Firefox and Thunderbird. When following a value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. An attacker could use this flaw to execute code that was stored in the referenced memory or crash the system."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11757\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11757\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757"
        ],
        "name": "CVE-2019-11757",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.",
            "A vulnerability was discovered in the Linux kernel's AF_IEEE802154 networking module where permissions checks are not enforced. This can allow an unprivileged user to create raw sockets for this protocol leading to the potential for data leaks or system unavailability."
        ],
        "statement": "This flaw is rated as moderate; there are no known exploits using this mechanism as an attack surface against the system affected by this bug.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17053\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17053"
        ],
        "name": "CVE-2019-17053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
            "A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Python security response team for reporting this issue.",
        "upstream_fix": "python 3.5.6, python 3.7.0, python 2.7.15, python 3.4.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1061\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1061\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
        ],
        "name": "CVE-2018-1061",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
        ],
        "statement": "This issue affects the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6485\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6485"
        ],
        "name": "CVE-2018-6485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-444",
        "details": [
            "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
            "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "tomcat 6.0.41, tomcat 7.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0099\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0099"
        ],
        "name": "CVE-2014-0099",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anton Eliasson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5401\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5401\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401"
        ],
        "name": "CVE-2017-5401",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10998\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10998"
        ],
        "name": "CVE-2018-10998",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected."
        ],
        "upstream_fix": "tomcat 7.0.85, tomcat 8.5.28, tomcat 8.0.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1304\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1304\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28"
        ],
        "name": "CVE-2018-1304",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2805"
        ],
        "name": "CVE-2020-2805",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.5",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",
            "An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4652\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4652"
        ],
        "name": "CVE-2014-4652",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.",
            "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid memory address."
        ],
        "acknowledgement": "This issue was discovered by Paolo Abeni (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16885\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16885"
        ],
        "name": "CVE-2018-16885",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet."
        ],
        "statement": "This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "upstream_fix": "wireshark 1.10.11, wireshark 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8710\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8710\nhttps://www.wireshark.org/security/wnpa-sec-2014-20.html"
        ],
        "name": "CVE-2014-8710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.31, mariadb 5.5.55, mariadb 10.1.23, mariadb 10.2.6, mysql 5.6.36, mysql 5.7.18, mysql 5.5.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3453\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3453\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3453",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.",
            "A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, cause a denial of service, or possibly leak keyring information between users."
        ],
        "statement": "The impact is Moderate, because the impact is only for userspace programs if using keyctl incorrectly. For root-level processes (usually during boot), keyctl is used securely without possibility of leaking keys between users.",
        "acknowledgement": "Red Hat would like to thank Eric Biggers (Google) for reporting this issue.",
        "upstream_fix": "kernel 4.13.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18270\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18270\nhttp://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3"
        ],
        "name": "CVE-2017-18270",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
            "A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11368\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11368"
        ],
        "name": "CVE-2017-11368",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8173\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8173"
        ],
        "name": "CVE-2014-8173",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
            "A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7575\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7575\nhttp://www.mitls.org/pages/attacks/SLOTH\nhttps://access.redhat.com/articles/2112261\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-150/"
        ],
        "name": "CVE-2015-7575",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11048\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11048"
        ],
        "name": "CVE-2020-11048",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process.",
            "A flaw was found in current grub2 versions as shipped with Red Hat Enterprise Linux 7 and 8, where the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This issue leads the function to return invalid memory allocations, causing heap-based overflows in several code paths. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14308\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14308"
        ],
        "name": "CVE-2020-14308",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule."
        ],
        "upstream_fix": "php 5.4.40, php 5.6.8, php 5.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4604\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4604"
        ],
        "name": "CVE-2015-4604",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3737\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3737\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-321",
        "details": [
            "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.",
            "The default cloud-init configuration included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10896\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10896"
        ],
        "name": "CVE-2018-10896",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.",
            "It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0247\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0247"
        ],
        "name": "CVE-2014-0247",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact and a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10768\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10768"
        ],
        "name": "CVE-2018-10768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.",
            "It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7842\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7842"
        ],
        "name": "CVE-2014-7842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file."
        ],
        "upstream_fix": "libXpm 3.5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10164\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10164"
        ],
        "name": "CVE-2016-10164",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7785\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7785\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7785"
        ],
        "name": "CVE-2017-7785",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a\nsecurity impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the\nRed Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick  6.9.10-35, ImageMagick 7.0.8-35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9956\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9956"
        ],
        "name": "CVE-2019-9956",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-460->CWE-305",
        "details": [
            "The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass the lock screen via certain (1) mouse or (2) touch gestures.",
            "A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3213\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3213"
        ],
        "name": "CVE-2015-3213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.",
            "It was discovered that the ghostscript did not properly restrict access to files open prior to enabling the -dSAFER mode. An attacker could possibly exploit this to bypass the -dSAFER protection and disclose the content of affected files via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16539\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16539\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16539",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an out-of-bounds read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11525\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11525"
        ],
        "name": "CVE-2020-11525",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",
            "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions."
        ],
        "upstream_fix": "curl 7.50.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7167\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7167\nhttps://curl.haxx.se/docs/adv_20160914.html"
        ],
        "name": "CVE-2016-7167",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.",
            "A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or possibly cause an out-of-bounds read on the heap leading to a system crash."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Willem de Bruijn for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000111"
        ],
        "name": "CVE-2017-1000111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7936\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7936"
        ],
        "name": "CVE-2016-7936",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9899\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9899\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899"
        ],
        "name": "CVE-2016-9899",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2975\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2975"
        ],
        "name": "CVE-2019-2975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10081\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10081"
        ],
        "name": "CVE-2017-10081",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-125",
        "details": [
            "The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8095\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8095\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8095",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10053\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10053"
        ],
        "name": "CVE-2017-10053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.",
            "An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
        ],
        "acknowledgement": "Red Hat would like to thank Jeremy Allison (Google), Stefan Metzmacher (SerNet), and Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12163\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12163\nhttps://www.samba.org/samba/security/CVE-2017-12163.html"
        ],
        "name": "CVE-2017-12163",
        "mitigation": {
            "value": "As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding:\nserver min protocol = SMB2_02\nto the [global] section of your smb.conf and restarting smbd.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455."
        ],
        "upstream_fix": "icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2402\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2402\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9895\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9895\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9895"
        ],
        "name": "CVE-2016-9895",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-134",
        "details": [
            "Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4448\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4448"
        ],
        "name": "CVE-2016-4448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.",
            "A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4463\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4463\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
        ],
        "name": "CVE-2016-4463",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25686\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25686\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25686",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations."
        ],
        "statement": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\nRed Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16395\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16395\nhttps://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/"
        ],
        "name": "CVE-2018-16395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
            "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating precinct data structures, which could lead to a crash, or potentially, code execution."
        ],
        "upstream_fix": "Chrome 52.0.2743.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5139\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5139\nhttps://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2016-5139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.",
            "A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0206\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0206\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0206",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) length, (2) offset, or (3) base pointer checksum value."
        ],
        "upstream_fix": "tcpdump 4.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2154\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2154"
        ],
        "name": "CVE-2015-2154",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4488\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4488",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7392\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7392"
        ],
        "name": "CVE-2017-7392",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
        ],
        "upstream_fix": "pcp 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3695\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3695"
        ],
        "name": "CVE-2019-3695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6484\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6484"
        ],
        "name": "CVE-2014-6484",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5099\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5099\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099"
        ],
        "name": "CVE-2018-5099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges F. Alonso (revskills) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7757\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7757\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757"
        ],
        "name": "CVE-2017-7757",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-642",
        "details": [
            "The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.",
            "It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4699\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4699"
        ],
        "name": "CVE-2014-4699",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp."
        ],
        "upstream_fix": "qt 5.9.7, qt 5.6.4, qt 5.11.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19872\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19872\nhttps://bugreports.qt.io/browse/QTBUG-69449\nhttps://wiki.qt.io/Qt_5.11.3_Change_Files"
        ],
        "name": "CVE-2018-19872",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3715\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3715"
        ],
        "name": "CVE-2016-3715",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
            "A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation."
        ],
        "statement": "This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9458\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9458"
        ],
        "name": "CVE-2019-9458",
        "mitigation": {
            "value": "To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
            "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20677"
        ],
        "name": "CVE-2018-20677",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-200|CWE-400)",
        "details": [
            "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
        ],
        "statement": "This flaw needs a malicious MITM SSH server. When an application compiled with libssh2 connects to such a MITM SSH server, the server can trigger an integer overflow leading to an OOB read in the SSH_MSG_DISCONNECT logic. This can cause the application compiled with libssh2 to crash. This is strictly a client side crash and the SSH server may not be affected.\nAlso note that when a user connects to a malicious MITM server there is already a  risk of disclosing password/keys irrespective of the flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17498\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17498\nhttps://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
        ],
        "name": "CVE-2019-17498",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-121",
        "details": [
            "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.",
            "A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom \"you have new mail\" message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation."
        ],
        "acknowledgement": "This issue was discovered by Richard Maciel Costa (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1100\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1100"
        ],
        "name": "CVE-2018-1100",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5364\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5364"
        ],
        "name": "CVE-2015-5364",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-121",
        "details": [
            "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution."
        ],
        "statement": "Red Hat Product Security has rated this issue as having moderate security impact and a future update may address this flaw.",
        "upstream_fix": "glibc 2.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11236\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11236"
        ],
        "name": "CVE-2018-11236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8671\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8671\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8671",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-384",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
        ],
        "statement": "This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300.  Both identifiers refer to the same vulnerability.  Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.",
        "upstream_fix": "cups 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4700"
        ],
        "name": "CVE-2018-4700",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.",
            "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7889\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7889"
        ],
        "name": "CVE-2017-7889",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4223\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4223\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4223",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S."
        ],
        "upstream_fix": "mariadb 10.0.20, mariadb 5.5.44, mysql 5.6.25, mysql 5.5.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4752\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4752\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-4752",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "upstream_fix": "mariadb 10.1.35, mariadb 5.5.61, mariadb 10.3.9, mariadb 10.0.36, mariadb 10.2.17, mysql 5.5.61, mysql 5.7.23, mysql 5.6.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3058\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3058\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        ],
        "name": "CVE-2018-3058",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.",
            "It was found that the superexec operator was available in the internal dictionary.  A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
        ],
        "acknowledgement": "This issue was discovered by Cedric Buissart (Red Hat).",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3835\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700585"
        ],
        "name": "CVE-2019-3835",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.",
            "An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system."
        ],
        "acknowledgement": "This issue was discovered by Mateusz Guzik (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7529\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7529"
        ],
        "name": "CVE-2015-7529",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Christian Holler as the original reporter.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6825\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6825\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825"
        ],
        "name": "CVE-2020-6825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-40, Image Magick 6.9.10-40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11598\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11598"
        ],
        "name": "CVE-2019-11598",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Phil Ringnalda, and Philipp as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2836\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2836\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-62.html"
        ],
        "name": "CVE-2016-2836",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5103\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5103\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103"
        ],
        "name": "CVE-2018-5103",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10285\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10285"
        ],
        "name": "CVE-2017-10285",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.",
            "An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process."
        ],
        "statement": "This issue does not affect the versions of the qemu and qemu-kvm packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise Linux 6 based versions of qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. \nThis issue does affect the Red Hat Enterprise Linux 7 qemu-kvm and Red Hat Enterprise Linux 7 based versions of the qemu-kvm-rhev packages as shipped with Red Hat Enterprise Virtualization 3. Future updates for the respective releases may address this flaw.\nPlease note that by default QEMU/KVM guests use in-kernel (KVM) PIT emulation\nin which case the following applies:\nThis issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise Linux MRG 2.\nThis issue does affect the kvm package as shipped with Red Hat Enterprise Linux 5. \nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Matt Tait (Google's Project Zero security team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3214\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3214"
        ],
        "name": "CVE-2015-3214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4218\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4218\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4218",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8669\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8669\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
            "It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5699\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5699"
        ],
        "name": "CVE-2016-5699",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
            "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. The return value of a call to alloc_workqueue was not validated, which can cause a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16233\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16233\nhttps://lkml.org/lkml/2019/9/9/487"
        ],
        "name": "CVE-2019-16233",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.",
            "A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation (CONFIG_KVM) support with the Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Jan H. Schönherr (Amazon) for reporting this issue.",
        "upstream_fix": "kernel-3.10.0 720.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000252"
        ],
        "name": "CVE-2017-1000252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aral as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9897\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9897\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9897"
        ],
        "name": "CVE-2016-9897",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.",
            "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially a data leak."
        ],
        "upstream_fix": "apr 1.6.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12613\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12613\nhttp://www.apache.org/dist/apr/Announcement1.x.html"
        ],
        "name": "CVE-2017-12613",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2981\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2981"
        ],
        "name": "CVE-2019-2981",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-400",
        "details": [
            "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",
            "An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS)."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11477\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11477\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "csaw": true,
        "name": "CVE-2019-11477",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3895\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3895\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3895",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283."
        ],
        "statement": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ucha Gobejishvili as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2716\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2716\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
        ],
        "name": "CVE-2015-2716",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122",
        "details": [
            "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"",
            "A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application."
        ],
        "upstream_fix": "glibc 2.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0235\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0235\nhttp://www.openwall.com/lists/oss-security/2015/01/27/9\nhttps://access.redhat.com/articles/1332213\nhttps://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability"
        ],
        "csaw": true,
        "name": "CVE-2015-0235"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
            "It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to first compromise the sandboxed privilege-separation process by using another security flaw. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10012\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10012\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10012",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.",
            "A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils-2.23.52.0.1 55.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8738\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8738"
        ],
        "name": "CVE-2014-8738",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC.",
            "It was found that ntpd did not check whether a Message Authentication Code (MAC) was present in a received packet when ntpd was configured to use symmetric cryptographic keys. A man-in-the-middle attacker could use this flaw to send crafted packets that would be accepted by a client or a peer without the attacker knowing the symmetric key."
        ],
        "statement": "This issue did not affect the version of ntp as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1798\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1798"
        ],
        "name": "CVE-2015-1798",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2795\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Natalie Silvanovich (Google Project Zero) as the original reporter.",
        "upstream_fix": "chromium-browser 80.0.3987.149, thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20503\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20503\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503"
        ],
        "name": "CVE-2019-20503",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.",
            "It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7169\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7169"
        ],
        "name": "CVE-2014-7169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.",
            "A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted."
        ],
        "upstream_fix": "kernel 4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1066\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1066"
        ],
        "name": "CVE-2018-1066",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
            "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
        ],
        "acknowledgement": "This issue was discovered by Daniel Berrange (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15124\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15124"
        ],
        "name": "CVE-2017-15124",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
            "It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10102\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10102"
        ],
        "name": "CVE-2017-10102",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-406->CWE-400",
        "details": [
            "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records.",
            "A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one authoritative zone to another. This flaw allows an attacker to cause a denial of service or be part of an attack against another DNS server when Unbound is deployed as a recursive resolver or authoritative name server."
        ],
        "upstream_fix": "unbound 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12662\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12662\nhttp://www.nxnsattack.com/\nhttps://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt"
        ],
        "name": "CVE-2020-12662",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7345.",
            "Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU."
        ],
        "acknowledgement": "This issue was discovered by Jan Kaluža (Red Hat Web Stack Team).",
        "upstream_fix": "php 5.5.16, php 5.4.32, file 5.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3538\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3538"
        ],
        "name": "CVE-2014-3538",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.",
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code."
        ],
        "statement": "This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki-core 10.10.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1721\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1721"
        ],
        "name": "CVE-2020-1721",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives as a high-privilege user without carefully reviewing them may lead to the compromise of the system.",
            "It was discovered that cpio does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives as a high-privilege user without carefully reviewing them may lead to the compromise of the system."
        ],
        "acknowledgement": "Red Hat would like to thank Thomas Habets for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14866\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14866"
        ],
        "name": "CVE-2019-14866",
        "mitigation": {
            "value": "TAR archives should be inspected before being extracted and the extraction should be performed with the `tar` command or `--no-absolute-filenames` option if done with `cpio`. Moreover, it should be performed by a low-privilege user whenever possible, to prevent extraction of files that could compromise the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-4, ImageMagick 7.0.8-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13133"
        ],
        "name": "CVE-2019-13133",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service."
        ],
        "statement": "This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 as they already contained the patched code.",
        "upstream_fix": "ImageMagick 6.9.9-6, ImageMagick 7.0.6-6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12806\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12806"
        ],
        "name": "CVE-2017-12806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Linus Särud as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11715\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11715\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715"
        ],
        "name": "CVE-2019-11715",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-833->CWE-203",
        "details": [
            "The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.",
            "It was discovered that the _unix_run_helper_binary() function of PAM's unix_pam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unix_pam module could use this flaw to enumerate valid user accounts, or cause a denial of service on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Sebastien Macke (Trustwave SpiderLabs) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3238\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3238"
        ],
        "name": "CVE-2015-3238",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2403\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2403\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2403",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2588"
        ],
        "name": "CVE-2018-2588",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3632\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3632"
        ],
        "name": "CVE-2016-3632",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        ],
        "upstream_fix": "webkitgtk 2.20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4204\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4204"
        ],
        "name": "CVE-2018-4204",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251."
        ],
        "statement": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
        "upstream_fix": "libxml2 2.9.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14567\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14567"
        ],
        "name": "CVE-2018-14567",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14348\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14348"
        ],
        "name": "CVE-2018-14348",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.",
            "An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four."
        ],
        "statement": "This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates in the respective releases may address this issue.\nThis issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1593"
        ],
        "name": "CVE-2015-1593",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20650\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20650"
        ],
        "name": "CVE-2018-20650",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\"",
            "A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7433\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7433\nhttp://support.ntp.org/bin/view/Main/NtpBug3067"
        ],
        "name": "CVE-2016-7433",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-31T00:36:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.",
            "A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14624\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14624"
        ],
        "name": "CVE-2018-14624",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9947\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9947"
        ],
        "name": "CVE-2019-9947",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.",
            "A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Dovecot project for reporting this issue. Upstream acknowledges Nick Roessler (University of Pennsylvania) and Rafi Rubin (University of Pennsylvania) as the original reporters.",
        "upstream_fix": "dovecot 2.2.36.4, dovecot 2.3.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11500\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11500\nhttps://dovecot.org/pipermail/dovecot-news/2019-August/000418.html"
        ],
        "name": "CVE-2019-11500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-78",
        "details": [
            "The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ophir LOJKINE as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6811\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6811\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811"
        ],
        "name": "CVE-2020-6811",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19873\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19873"
        ],
        "name": "CVE-2018-19873",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.",
            "A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file."
        ],
        "upstream_fix": "libreoffice 6.0.1, libreoffice 5.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6871\nhttps://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/"
        ],
        "name": "CVE-2018-6871",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
        ],
        "upstream_fix": "libreoffice 6.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9848\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9848\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"
        ],
        "name": "CVE-2019-9848",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The (1) get_quoted_string and (2) get_unquoted_string functions in epan/dissectors/packet-cups.c in the CUPS dissector in Wireshark 1.12.x before 1.12.1 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a CUPS packet that lacks a trailing '\\0' character."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6425\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6425\nhttps://www.wireshark.org/security/wnpa-sec-2014-15.html"
        ],
        "name": "CVE-2014-6425",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.",
            "A vulnerability was found in libarchive.  A specially crafted RAR file could cause the application to disclose a 128k block of memory from an uncontrolled location."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8926\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8926"
        ],
        "name": "CVE-2015-8926",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.",
            "It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service."
        ],
        "statement": "This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Robin Hack (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8121\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8121"
        ],
        "name": "CVE-2014-8121",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.",
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "statement": "- Red Hat Certificate System 10.1 has been fixed via the Red Hat Enterprise Linux 8 errata RHSA-2021:0966\n- Red Hat Certificate System 10.2 and newer are not affected by this flaw",
        "acknowledgement": "Red Hat would like to thank Fraser Tweedale and Geetika Kapoor for reporting this issue.",
        "upstream_fix": "pki-core 10.11, pki-core 10.9, pki-core 10.8, pki-core 10.10, pki-core 10.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20179\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20179"
        ],
        "name": "CVE-2021-20179",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-476",
        "details": [
            "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
            "A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11668\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11668"
        ],
        "name": "CVE-2020-11668",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module 'xirlink-cit' onto the system until a fix is available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.",
            "A vulnerability was found in libarchive.  A specially crafted RAR file could cause the application to read memory beyond the end of the decompression buffer."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8934\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8934"
        ],
        "name": "CVE-2015-8934",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7793\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793"
        ],
        "name": "CVE-2017-7793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.",
            "A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14106\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14106"
        ],
        "name": "CVE-2017-14106",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3458\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3458\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3458",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.",
            "A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ryan Sleevi as the original reporter.",
        "upstream_fix": "nspr 4.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7183\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's \"default request-key keyring\" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.",
            "The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 14.4.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17807\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17807"
        ],
        "name": "CVE-2017-17807",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Radiotap dissector could crash. This was addressed in epan/dissectors/packet-ieee80211-radiotap-iter.c by validating iterator operations."
        ],
        "upstream_fix": "wireshark 2.2.17, wireshark 2.4.9, wireshark 2.6.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16057\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16057\nhttps://www.wireshark.org/security/wnpa-sec-2018-46.html"
        ],
        "name": "CVE-2018-16057",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.",
            "It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3144\nhttps://kb.isc.org/article/AA-01541"
        ],
        "name": "CVE-2017-3144",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10357\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10357"
        ],
        "name": "CVE-2017-10357",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file."
        ],
        "statement": "This vulnerability is present in the libarchive package included in Red Hat Virtualization Hypervisor, however it is never exposed to ISO images created by attackers or users, so the vulnerability can not be exploited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1000020\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1000020"
        ],
        "name": "CVE-2019-1000020",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.",
            "An out of bounds write, limited to NULL bytes, was discovered in libX11 in functions XListExtensions() and XGetFontPath(). The length field is considered as a signed value, which makes the library access memory before the intended buffer. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption."
        ],
        "statement": "To exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server run on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he already has full control of the system. If the X client runs on a different system from the X server (e.g. the DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only gain the privileges of the client, which should not be run with high privileges. For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14600\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14600"
        ],
        "name": "CVE-2018-14600",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3610\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3610",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-12T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.",
            "A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the kernel packages as shipped with Red Hat Enterprise Linux 6, starting with the Red Hat Enterprise Linux 6.7 GA version kernel-2.6.32-573. Prior Red Hat Enterprise Linux 6 kernel versions are not affected.",
        "acknowledgement": "Red Hat would like to thank Matthew Sheets (gd-ms.com) for reporting this issue.",
        "upstream_fix": "kernel 5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10711\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10711"
        ],
        "name": "CVE-2020-10711",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\nThis issue can only be resolved by applying updates.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-674",
        "details": [
            "softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of service (CPU consumption or crash) via unspecified vectors.",
            "A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources."
        ],
        "acknowledgement": "Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting this issue.",
        "upstream_fix": "file 5.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8117\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8117"
        ],
        "name": "CVE-2014-8117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-787",
        "details": [
            "Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.",
            "A flaw was found in edk2. When registering a RAM disk whose size is not a multiple of 512 bytes, the BlockIo protocol produced by the RamDiskDxe driver will incur memory read/write overrun. The memory overrun will happen when reading/writing the last block on the RAM disk. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12180"
        ],
        "name": "CVE-2018-12180",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1935\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1935\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-03.html"
        ],
        "name": "CVE-2016-1935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5265\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5265\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-80.html"
        ],
        "name": "CVE-2016-5265",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method.",
            "Multiple directory traversal flaws were found in the abrt-dbus D-Bus service. A local attacker could use these flaws to read and write arbitrary files as the root user."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3151\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3151"
        ],
        "name": "CVE-2015-3151",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2790\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2790"
        ],
        "name": "CVE-2018-2790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.",
            "A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20388\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20388"
        ],
        "name": "CVE-2019-20388",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        ],
        "upstream_fix": "openssl 1.0.2q-dev, openssl 1.1.1a-dev, openssl 1.1.0j-dev",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0734\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        ],
        "name": "CVE-2018-0734",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection."
        ],
        "upstream_fix": "mariadb 10.1.14, mariadb 5.5.49, mariadb 10.0.25, mysql 5.5.49, mysql 5.7.12, mysql 5.6.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5444\nhttp://www.oracle.com/technetwork/topics/security/cpujul2016-2881720.html"
        ],
        "name": "CVE-2016-5444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 5.5.45, mariadb 10.0.21, mysql 5.5.45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4816\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4816\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.",
            "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member."
        ],
        "acknowledgement": "Red Hat would like to thank Jens Kühnel (Deutsche Börse AG) and Sandro Emma (Deutsche Börse AG) for reporting this issue.",
        "upstream_fix": "fence-agents 4.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10153\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10153"
        ],
        "name": "CVE-2019-10153",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858."
        ],
        "upstream_fix": "mariadb 5.5.46, mariadb 10.1.8, mariadb 10.0.22, mysql 5.5.46, mysql 5.6.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4913\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4913\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4913",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.",
            "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9130\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9130"
        ],
        "name": "CVE-2014-9130",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments.",
            "A use-after-free flaw was found in the way PHP handled certain ArrayIterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "php 5.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4698\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4698"
        ],
        "name": "CVE-2014-4698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-55, ImageMagick 6.9.10-55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17541\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17541"
        ],
        "name": "CVE-2019-17541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",
            "An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
        ],
        "statement": "Red Hat Satellite 5 is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Jeff Janes as the original reporter.",
        "upstream_fix": "postgresql 9.4.13, postgresql 9.6.4, postgresql 9.2.22, postgresql 9.3.18, postgresql 9.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7547\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7547\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7547",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-252->CWE-391->CWE-476",
        "details": [
            "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a crafted BDF font file.",
            "A NULL pointer dereference flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server."
        ],
        "upstream_fix": "libXfont 1.4.9, libXfont 1.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1803\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        ],
        "name": "CVE-2015-1803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5733\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5733\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        ],
        "name": "CVE-2017-5733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8102\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8102\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8102",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",
            "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "acknowledgement": "This issue was discovered by Jason Wang (Red Hat Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3900\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3900"
        ],
        "name": "CVE-2019-3900",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.",
            "It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2. Future updates for the respective releases may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7872\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7872"
        ],
        "name": "CVE-2015-7872",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2602"
        ],
        "name": "CVE-2019-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3865\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3865\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3865",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).",
            "A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14482\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14482"
        ],
        "name": "CVE-2017-14482",
        "mitigation": {
            "value": "This issue can be mitigated by adding the following lines to the Emacs init file (for example ~/.emacs, ~/.emacs.d/init.el, site-start.el) and avoiding options that would bypass normal initialization, like 'emacs -Q':\n;; Mitigate CVE-2017-14482 in Emacs 25.2 and earlier\n(require 'enriched)\n(defun enriched-decode-display-prop (start end &optional param)\n(list start end))",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.",
            "A flaw was found in the way the DER (Distinguished Encoding Rules) decoder in the Security component in OpenJDK handled negative length values. A specially crafted, DER-encoded input could cause a Java application to enter an infinite loop when decoded."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0410\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0410\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.",
            "A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.",
        "acknowledgement": "Red Hat would like to thank Lars Bull (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3611\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3611"
        ],
        "name": "CVE-2014-3611",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rh0 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5400\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5400\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400"
        ],
        "name": "CVE-2017-5400",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Multiple use-after-free vulnerabilities in the (1) htmlParsePubidLiteral and (2) htmlParseSystemLiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1837\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1837"
        ],
        "name": "CVE-2016-1837",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-04T01:29:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "This issue was discovered by Xiumei Mu (Red Hat QE Engineering).",
        "upstream_fix": "Linux kernel version 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1749\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1749"
        ],
        "name": "CVE-2020-1749",
        "mitigation": {
            "value": "Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Razmjou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5383\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383"
        ],
        "name": "CVE-2017-5383",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used."
        ],
        "statement": "This issue affects the versions of glib2 as shipped with Red Hat Enterprise Linux 6, 7 and 8. Red Hat Product Security has rated this issue as having a security impact of Moderate.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12450\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12450"
        ],
        "name": "CVE-2019-12450",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9445\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9445\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html?m=1"
        ],
        "name": "CVE-2016-9445",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-bad-free and/or gstreamer1-plugins-bad-free packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstvmnc.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so\nFor RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so\nPlease note that this mitigation deletes the vulnerable VMware NC decoder, which removes the functionality to play VMware movie files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8607\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8607\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8607",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5097\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5097\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097"
        ],
        "name": "CVE-2018-5097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Root Object as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5178\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5178\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178"
        ],
        "name": "CVE-2018-5178",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15695\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15695"
        ],
        "name": "CVE-2019-15695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2977\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2977"
        ],
        "name": "CVE-2019-2977",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.",
            "A vulnerability was found in libarchive. A specially crafted gzip file can cause libarchive to allocate memory without limit, eventually leading to a crash."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7166\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7166"
        ],
        "name": "CVE-2016-7166",
        "csaw": false
    },
    {
        "public_date": "2019-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "0.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-190)",
        "details": [
            "libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.",
            "A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw was found to be a duplicate of CVE-2019-15690. Please see https://access.redhat.com/security/cve/CVE-2019-15690 for information about affected products and security errata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20788\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20788"
        ],
        "name": "CVE-2019-20788",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4760\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4760\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4760",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4206\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4206\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4206",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10999\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10999"
        ],
        "name": "CVE-2018-10999",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18271\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18271"
        ],
        "name": "CVE-2017-18271",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2973\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2973"
        ],
        "name": "CVE-2019-2973",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3180"
        ],
        "name": "CVE-2018-3180",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.25. Incorrect \"restoration of privilege\" checking when running out of stack during exception handling could be used by attackers able to supply crafted PostScript to execute code using the \"pipe\" instruction. This is due to an incomplete fix for CVE-2018-16509."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "ghostscript 9.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16802\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16802"
        ],
        "name": "CVE-2018-16802",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.0m, openssl 1.0.1h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0198\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0198\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0198",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-203",
        "details": [
            "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
            "A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing.\nIntel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution.\nWhile TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue."
        ],
        "statement": "libvirt and qemu-kvm on Red Hat Enterprise Linux 6 are not affected by this vulnerability as they do not support MSR-based CPU features.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11135\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11135\nhttps://access.redhat.com/solutions/tsx-asynchronousabort\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
        ],
        "csaw": true,
        "name": "CVE-2019-11135",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/solutions/tsx-asynchronousabort",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
        ],
        "upstream_fix": "zziplib 0.13.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6541\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6541"
        ],
        "name": "CVE-2018-6541",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 5.5.47, mariadb 10.0.23, mysql 5.6.28, mysql 5.7.10, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0598\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0598\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.",
            "It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ntp 4.2.8p6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7979\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7979\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0076/"
        ],
        "name": "CVE-2015-7979",
        "mitigation": {
            "value": "Do not use NTP's broadcast mode by not configuring the \"broadcast\" directive in the ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.",
            "A flaw was found in the Linux kernel’s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20934\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20934"
        ],
        "name": "CVE-2019-20934",
        "mitigation": {
            "value": "As the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off.\nThe method of providing this parameter depends on the operating system version, see KCS article https://access.redhat.com/solutions/23216.\nDisabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.",
            "A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server."
        ],
        "statement": "This vulnerability exists in the `telnet-server` package, not in the `telnet` client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled.  Use of telnetd is not recommended, as it is an un-encrypted protocol with cleartext transmission of passwords; alternatives such as openssh are preferred.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10188\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10188"
        ],
        "name": "CVE-2020-10188",
        "mitigation": {
            "value": "When in enforcing mode, SELinux as configured in Red Hat Enterprise Linux provides some mitigation against an exploit for telnet-server, because it limits the kind of operations it can perform and programs that can be run from the telnet-server's context.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.",
            "An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3181\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3181"
        ],
        "name": "CVE-2014-3181",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5471\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5471"
        ],
        "name": "CVE-2014-5471",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11018\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11018"
        ],
        "name": "CVE-2020-11018",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8766\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8766\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8766",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.",
            "It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the \"lwres\" statement in named.conf."
        ],
        "upstream_fix": "bind 9.11.0b2, bind 9.10.4-P2, bind 9.9.9-S3, bind 9.9.9-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2775\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2775\nhttps://kb.isc.org/article/AA-01393/"
        ],
        "name": "CVE-2016-2775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",
            "It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Wheelwright as the original reporter.",
        "upstream_fix": "postgresql 9.6.3, postgresql 9.4.12, postgresql 9.3.17, postgresql 9.5.7, postgresql 9.2.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7486\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7486\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7486",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows remote attackers to execute arbitrary code.",
            "It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy."
        ],
        "acknowledgement": "Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7050\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7050"
        ],
        "name": "CVE-2016-7050",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-349",
        "details": [
            "A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.",
            "A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. At this time, there is no known ability for an attacker to abuse this flaw."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10751\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10751\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6\nhttps://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/\nhttps://www.openwall.com/lists/oss-security/2020/04/30/5"
        ],
        "name": "CVE-2020-10751",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure)."
        ],
        "upstream_fix": "jasper 1.900.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9389\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9389"
        ],
        "name": "CVE-2016-9389",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        ],
        "upstream_fix": "pcre 8.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2328\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2328"
        ],
        "name": "CVE-2015-2328",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.66, mariadb 10.4.9, mariadb 10.3.19, mariadb 10.2.28, mariadb 10.1.42, mysql 5.6.48, mysql 5.7.30, mysql 8.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2780\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2780\nhttps://www.oracle.com/security-alerts/cpuapr2020.html"
        ],
        "name": "CVE-2020-2780",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
            "A flaw was found in the NFSv4 implementation where, when mounting a remote attacker-controlled server, the server could return a specially crafted response that allows for local memory corruption and possibly privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25212\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25212"
        ],
        "name": "CVE-2020-25212",
        "mitigation": {
            "value": "While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service."
        ],
        "acknowledgement": "This issue was discovered by Richard Maciel Costa (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1071\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1071"
        ],
        "name": "CVE-2018-1071",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers writes of uncompressed bytes beyond the end of the output buffer."
        ],
        "upstream_fix": "wireshark 1.10.10, wireshark 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6431\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6431\nhttps://www.wireshark.org/security/wnpa-sec-2014-19.html"
        ],
        "name": "CVE-2014-6431",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking."
        ],
        "statement": "Applications that use AbstractBasicAuthHandler, HTTPBasicAuthHandler and ProxyBasicAuthHandler may be affected by this flaw. Other classes may use the vulnerable method http_error_auth_reqed in AbstractBasicAuthHandler as well.\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as notaffected as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 3.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8492\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8492"
        ],
        "name": "CVE-2020-8492",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8782\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8782\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8835\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8835",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Kirill A. Shutemov (Intel) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3288"
        ],
        "name": "CVE-2015-3288",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.",
            "An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue did not affect the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4491\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4491\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-88.html"
        ],
        "name": "CVE-2015-4491",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
            "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite."
        ],
        "statement": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
        "acknowledgement": "Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Gaëtan Leurent (Inria) and Karthikeyan Bhargavan (Inria) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2183\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2183\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\nhttps://sweet32.info/"
        ],
        "csaw": true,
        "name": "CVE-2016-2183",
        "mitigation": {
            "value": "1. SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher, therefore AES-256 based ciphersuite should not be disabled on the server.\n2. Servers using OpenSSL should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\nhttps://access.redhat.com/articles/2598471\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\nhttps://access.redhat.com/articles/5348961",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.",
            "A flaw was found in the way the cups-browsed daemon interpreted the \"BrowseAllow\" directive in the cups-browsed.conf file. An attacker able to add a malformed \"BrowseAllow\" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4338\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4338"
        ],
        "name": "CVE-2014-4338",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "nmevent.c in the Novell GroupWise protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a crafted server message that triggers a large memory allocation.",
            "A denial of service flaw was found in the way Pidgin parsed Groupwise server messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to cause Pidgin to consume an excessive amount of memory, possibly leading to a crash, by sending a specially crafted message."
        ],
        "acknowledgement": "Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Richard Johnson (Cisco Talos) and Yves Younan (Cisco Talos) as the original reporters.",
        "upstream_fix": "pidgin 2.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3696\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3696"
        ],
        "name": "CVE-2014-3696",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8615\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8615\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8615",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.",
            "Systems using the InfiniBand support module ib_srpt were vulnerable to a denial of service (system crash) by a local attacker who is able to abort writes to a device using this initiator."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 7 and MRG-2 kernels and will be addressed in a future update. This issue does not affect Red Hat Enterprise Linux 5 and 6 systems.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6327\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6327"
        ],
        "name": "CVE-2016-6327",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8681\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8681\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8681",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
            "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite."
        ],
        "upstream_fix": "openssl 1.1.0d, openssl 1.0.2k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3731\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3731\nhttps://www.openssl.org/news/secadv/20170126.txt"
        ],
        "name": "CVE-2017-3731",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Stone as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11742\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11742"
        ],
        "name": "CVE-2019-11742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3902\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3902\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3902",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.",
            "A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server."
        ],
        "statement": "This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.",
        "upstream_fix": "openssl 1.0.1j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3513\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3513\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3513",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet."
        ],
        "upstream_fix": "wireshark 1.12.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3810\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3810\nhttps://www.wireshark.org/security/wnpa-sec-2015-13.html"
        ],
        "name": "CVE-2015-3810",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.",
            "A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.2a, openssl 1.0.0r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0288\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0288",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2801\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2801\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2801",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7933\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7933"
        ],
        "name": "CVE-2016-7933",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-03T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.",
            "A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 5.16-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4083\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4083\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
        ],
        "name": "CVE-2021-4083",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-18T13:59:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "While backporting a feature for a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected."
        ],
        "statement": "This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable. The debug level of the bind server can be checked via the rndc status command, which will return the current trace level as \"debug level\". A value of 10 or above would most likely make this flaw exploitable.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5742\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5742\nhttps://www.openwall.com/lists/oss-security/2018/12/19/6"
        ],
        "name": "CVE-2018-5742",
        "mitigation": {
            "value": "Ensure that debug logging is disabled and set to 0. This can be verified on the Bind server by the rndc status command.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6506\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6506\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6506",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
            "A flaw was found in the Linux kernel. Improper input validation in some Intel(R) Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access."
        ],
        "statement": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12363\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12363\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "name": "CVE-2020-12363",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF."
        ],
        "statement": "* This issue does not affect Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2 and 3 because these products do not use the twisted web APIs.\n* This issue does affect Red Hat Enterprise Linux 6. However, because this version is now in Maintenance Support 2 Phase and the flaw has a security impact of Moderate,  it is not currently planned to be addressed in future Red Hat Enterprise Linux 6 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata\n* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-twisted package.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12387"
        ],
        "name": "CVE-2019-12387",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth."
        ],
        "upstream_fix": "mysql 5.6.24, mysql 5.5.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4737\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4737\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-4737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.",
            "A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system."
        ],
        "upstream_fix": "git 2.3.10, git 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7545\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7545"
        ],
        "name": "CVE-2015-7545",
        "mitigation": {
            "value": "Avoid recursive cloning or updating of git submodules without checking the submodule URL. Non-recursive cloning is the default in git, so a user needs to change this to become vulnerable (e.g. by specifying \"--recursive\").",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.",
            "A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ntp 4.2.8p6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8158\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8158\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0080/"
        ],
        "name": "CVE-2015-8158",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel packages as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5412\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5412"
        ],
        "name": "CVE-2016-5412",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8771\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8771\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8771",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Gilbert and Kenneth Russell as the original reporters.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6821\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6821\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821"
        ],
        "name": "CVE-2020-6821",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.",
            "A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges."
        ],
        "statement": "On Red Hat Enterprise Linux 7, only a privileged user can trigger this bug.\nOn Red Hat Enterprise Linux 8, a regular user can trigger it, and the result is corruption of 4 bytes of memory.",
        "upstream_fix": "Kernel 5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-22555\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22555\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d\nhttps://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528"
        ],
        "name": "CVE-2021-22555",
        "mitigation": {
            "value": "The mitigation for Red Hat Enterprise Linux 8 is to prevent unprivileged users from running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET), which can be done with the following command:\necho 0 > /proc/sys/user/max_user_namespaces\nTo make this configuration change permanent, follow the steps below.\nNote: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.\nConfigure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the \"/etc/sysctl.d/\" directory:\nuser.max_user_namespaces = 0\nThe system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:\n$ sudo sysctl --system\nThe other mitigation for containers, without disabling user namespaces, is to block the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6051\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6051"
        ],
        "name": "CVE-2014-6051",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11049"
        ],
        "name": "CVE-2020-11049",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10067\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10067"
        ],
        "name": "CVE-2017-10067",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3) analysis_id field in a crafted XML document to the run_fix function in SetroubleshootFixit.py, related to the subprocess.check_output and commands.getstatusoutput functions, a different vulnerability than CVE-2016-4445.",
            "Shell command injection flaws were found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "upstream_fix": "setroubleshoot 3.3.9.1, setroubleshoot 3.2.27.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4989\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4989"
        ],
        "name": "CVE-2016-4989",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a \"double-chroot attack.\"",
            "A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2925\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2925"
        ],
        "name": "CVE-2015-2925",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.",
            "It was found that some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3839\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3839"
        ],
        "name": "CVE-2019-3839",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use.",
            "A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw which would cause ntpd to not synchronize with the source."
        ],
        "upstream_fix": "ntp 4.2.8p9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7429\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7429\nhttp://support.ntp.org/bin/view/Main/NtpBug3072"
        ],
        "name": "CVE-2016-7429",
        "mitigation": {
            "value": "If you are going to configure your OS to disable source address checks, also configure your firewall configuration to control what interfaces can receive packets from what networks.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.55, mariadb 10.0.31, mariadb 10.1.23, mariadb 10.2.6, mysql 5.5.55, mysql 5.7.18, mysql 5.6.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3456\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3456\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3456",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000852\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000852"
        ],
        "name": "CVE-2018-1000852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file."
        ],
        "statement": "This issue affects the versions of advancecomp as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8383\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8383"
        ],
        "name": "CVE-2019-8383",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.",
            "An uncontrolled recursion flaw was found in libxkbcommon in the way it parses boolean expressions. A specially crafted file provided to xkbcomp could crash the application."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15853\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15853"
        ],
        "name": "CVE-2018-15853",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10078\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10078"
        ],
        "name": "CVE-2017-10078",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.",
            "A buffer over-read flaw was found in the GD library. A specially crafted GIF file could cause an application using the gdImageCreateFromGif() function to crash."
        ],
        "upstream_fix": "gd 2.1.1, php 5.5.21, php 5.6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9709\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9709"
        ],
        "name": "CVE-2014-9709",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-94|CWE-400)",
        "details": [
            "A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.",
            "A flaw was found in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server."
        ],
        "statement": "This flaw can be exploited by an unauthenticated attacker (PR:N) who could create a specially crafted \"krbPrincipalKey\" and send it to the IPA server (AV:N).  The attack is relatively easy to conduct (AC:L), since all the attacker requires is a string which is long enough to write beyond the limits of the buffer on the stack. User interaction is required for the attack (UI:N). End result in a crash in the IPA server causing denial of service or in some conditions may also result  in remote code execution with the permissions of the user running the IPA server (CIA:H).",
        "acknowledgement": "Red Hat would like to thank Todd Lipcon (Cloudera) for reporting this issue.",
        "upstream_fix": "FreeIPA 4.7.4, FreeIPA 4.8.3, FreeIPA 4.6.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14867\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14867\nhttps://www.freeipa.org/page/Releases/4.6.7\nhttps://www.freeipa.org/page/Releases/4.7.4\nhttps://www.freeipa.org/page/Releases/4.8.3"
        ],
        "name": "CVE-2019-14867",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.",
            "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5351\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5351\nhttp://seclists.org/bugtraq/2016/Feb/148"
        ],
        "name": "CVE-2015-5351",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-297",
        "details": [
            "org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a \"CN=\" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the \"foo,CN=www.apache.org\" string in the O field.",
            "It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate."
        ],
        "statement": "Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/solutions/1165533\nThis issue affects the versions of HttpComponents Client as shipped with Red Hat JBoss Data Grid 6 and Red Hat JBoss Data Virtualization 6; and ModeShape Client as shipped with Red Hat JBoss Data Virtualization 6. However, this flaw is not known to be exploitable under any supported scenario in Red Hat JBoss Data Grid 6 and JBoss Data Virtualization 6. A future update may address this issue.\nRed Hat JBoss Enterprise Application Platform 4,  Red Hat JBoss SOA Platform 4, and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/\nFuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/",
        "upstream_fix": "httpcomponents-client 4.3.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3577\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3577"
        ],
        "name": "CVE-2014-3577",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.",
            "The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.14.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6927\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6927"
        ],
        "name": "CVE-2018-6927",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle.",
            "A flaw was found in the \"Leaf and Chain\" OCSP policy implementation in JSS' CryptoManager, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle."
        ],
        "statement": "Red Hat Certificate System 9.4 and above use the vulnerable policy.\nRed Hat Enterprise Satellite 6 does not ship a vulnerable version of the JSS library.",
        "acknowledgement": "Red Hat would like to thank Alexander Scheel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14823\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14823"
        ],
        "name": "CVE-2019-14823",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",
            "A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2181\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2181\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jukka Jylänki as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4484\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4484\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-87.html"
        ],
        "name": "CVE-2015-4484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4872\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4872\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4872",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.",
            "A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20054\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20054"
        ],
        "name": "CVE-2019-20054",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-09-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1567\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1567\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-72.html"
        ],
        "name": "CVE-2014-1567",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11717\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11717\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717"
        ],
        "name": "CVE-2019-11717",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file."
        ],
        "upstream_fix": "exempi 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18236\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18236"
        ],
        "name": "CVE-2017-18236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
        ],
        "upstream_fix": "e2fsprogs 1.45.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5188\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5188"
        ],
        "name": "CVE-2019-5188",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.",
            "A heap overflow vulnerability was found in OpenSLP. An attacker could use this flaw to gain remote code execution."
        ],
        "statement": "This issue did not affect the versions of openslp as shipped with Red Hat Enterprise Linux 8 as they did not include the slpd service component.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5544\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5544\nhttps://www.vmware.com/security/advisories/VMSA-2019-0022.html"
        ],
        "name": "CVE-2019-5544",
        "mitigation": {
            "value": "There is no known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).",
            "Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3312\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3312"
        ],
        "name": "CVE-2017-3312",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "upstream_fix": "389-ds-base 1.3.6.14, 389-ds-base 1.3.7.10, 389-ds-base 1.4.0.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1054\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1054\nhttps://pagure.io/389-ds-base/issue/49545"
        ],
        "name": "CVE-2018-1054",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christoph Diehl, Jason Kratzer, Julian Hector, Kannan Vijayan, Randell Jesup, Ronald Crane, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5150\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5150\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150"
        ],
        "name": "CVE-2018-5150",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML."
        ],
        "upstream_fix": "mariadb 5.5.41, mariadb 10.0.16, mysql 5.5.41, mysql 5.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6568\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6568\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2014-6568",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.",
            "A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container."
        ],
        "acknowledgement": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard (SwiftStack) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1856\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1856"
        ],
        "name": "CVE-2015-1856",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
        ],
        "upstream_fix": "chromium-browser 67.0.3396.62",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6126\nhttps://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
        ],
        "name": "CVE-2018-6126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jose Martinez and Romina Santillan as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1957\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1957\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
        ],
        "name": "CVE-2016-1957",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",
            "An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increases the Linux kernel's resource (CPU, Memory, and Bandwidth) utilization. A remote attacker could use this flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a TCP connection with low TCP MSS."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack\nRed Hat Enterprise Linux 5 is now in the Extended Life Phase of maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11479\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11479\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "name": "CVE-2019-11479",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.",
            "It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as of now due to the absence of unprivileged mount name spaces support.\nNevertheless, the unprivileged mount name spaces might be added to a future RHEL-7 version as a supported feature, so future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Qian Cai (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6213\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6213"
        ],
        "name": "CVE-2016-6213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards (release v3.0.2 onwards) contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes() that can result in a crash (denial of service). This attack appears to be exploitable via the victim opening a specially crafted 7zip file."
        ],
        "statement": "This vulnerability is present in the libarchive package included in Red Hat Virtualization Hypervisor, however it is never exposed to archives created by attackers or users, so the vulnerability can not be exploited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1000019\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1000019"
        ],
        "name": "CVE-2019-1000019",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.",
            "An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "libreoffice 5.2.5, libreoffice 5.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7870\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7870"
        ],
        "name": "CVE-2017-7870",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCore/threshold.c in AdaptiveThresholdImage because a width of zero is mishandled.",
            "A heap-based buffer over-read was discovered in ImageMagick in the way it selects an individual threshold for each pixel based on the range of intensity values in its local neighborhood due to a width of zero mishandle error. Applications compiled against ImageMagick libraries that accept untrustworthy images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or leak application data."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13295\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13295"
        ],
        "name": "CVE-2019-13295",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7847\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7847\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847"
        ],
        "name": "CVE-2017-7847",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0466\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0466",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382."
        ],
        "upstream_fix": "mariadb 10.0.16, mariadb 5.5.41, mysql 5.6.22, mysql 5.5.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0381\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0381\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0381",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-13T21:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
            "A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the \"Lazy FPU Restore\" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2 may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3665\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3665\nhttp://www.openwall.com/lists/oss-security/2018/06/15/5\nhttps://access.redhat.com/solutions/3485131\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
        ],
        "name": "CVE-2018-3665",
        "mitigation": {
            "value": "RHEL-7 will automatically default to (safe) “eager” floating point register restore on Sandy Bridge and newer Intel processors. AMD processors are not affected. You can mitigate this issue on older processors by booting the kernel with the 'eagerfpu=on' parameter to enable eager FPU restore mode.  In this mode FPU state is saved and restored for every task/context switch regardless of whether the current process invokes FPU instructions or not. The parameter does not affect performance negatively, and can be applied with no adverse effects to processors that are not affected.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",
            "It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "upstream_fix": "curl 7.50.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5420\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5420\nhttps://curl.haxx.se/docs/adv_20160803B.html"
        ],
        "name": "CVE-2016-5420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "chrony before 1.31.1 does not initialize the last \"next\" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of command requests.",
            "An uninitialized pointer use flaw was found when allocating memory to save unacknowledged replies to authenticated command requests. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1822\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1822"
        ],
        "name": "CVE-2015-1822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
            "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18281\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18281"
        ],
        "name": "CVE-2018-18281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
        "upstream_fix": "pki-core 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25715\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25715"
        ],
        "name": "CVE-2020-25715",
        "mitigation": {
            "value": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
            "It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9788\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9788\nhttps://httpd.apache.org/security/vulnerabilities_22.html#2.2.34\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
        ],
        "name": "CVE-2017-9788",
        "mitigation": {
            "value": "If you do not use digest authentication, do not load the \"auth_digest_module\".\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.",
            "A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget."
        ],
        "statement": "This is the same issue as CVE-2017-5645. MITRE has CVE-2017-5645 to a similar flaw found in log4j-2.x. The flaw found in log4j-1.2 has been assigned CVE-2019-17571. CVE-2019-17571 has been addressed in Red Hat Enterprise Linux via RHSA-2017:2423.\nAlso the rh-java-common-log4j package shipped with Red Hat Software Collections was addressed via RHSA-2017:1417\nIn Satellite 5.8, although the version of log4j as shipped in the nutch package is affected, nutch does not load any of the SocketServer classes from log4j. Satellite 5 is considered not vulnerable to this flaw since the affected code can not be reached.",
        "upstream_fix": "log4j 2.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17571\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17571"
        ],
        "name": "CVE-2019-17571",
        "mitigation": {
            "value": "Please note that the Log4j upstream strongly recommends against using the SerializedLayout with the SocketAppenders. Customers may mitigate this issue by removing the SocketServer class outright; or if they must continue to use SocketAppenders, they can modify their SocketAppender configuration from SerializedLayout to use JsonLayout instead. An example of this in log4j-server.properties might look like this:\nlog4j.appender.file.layout=org.apache.log4j.JsonLayout",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13080\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13080\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4803\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4803",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4479\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4479\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4479",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.",
            "An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bound access problem. Data confidentiality and integrity, as well as system availability, are all threats with this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15927\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15927"
        ],
        "name": "CVE-2019-15927",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.",
            "A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service."
        ],
        "upstream_fix": "kernel-3.10.0 862.1.1.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1091\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1091"
        ],
        "name": "CVE-2018-1091",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.",
            "A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10200\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10200"
        ],
        "name": "CVE-2016-10200",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14583"
        ],
        "name": "CVE-2020-14583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.10, mariadb 10.1.29, mariadb 5.5.58, mariadb 10.0.33, mysql 5.7.12, mysql 5.5.58, mysql 5.6.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10378\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10378\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL"
        ],
        "name": "CVE-2017-10378",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7922\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7922"
        ],
        "name": "CVE-2016-7922",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.",
            "A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.3.5, ruby 2.4.2, ruby 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0898\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0898\nhttps://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/"
        ],
        "name": "CVE-2017-0898",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.",
            "It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10844\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10844\nhttps://eprint.iacr.org/2018/747"
        ],
        "name": "CVE-2018-10844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object."
        ],
        "upstream_fix": "binutils 2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7208\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7208"
        ],
        "name": "CVE-2018-7208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5095\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5095\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095"
        ],
        "name": "CVE-2018-5095",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8666\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information."
        ],
        "statement": "Red Hat Virtualization images include wpa_supplicant as a component from the base Red Hat Enterprise Linux operating system, but use of Red Hat Virtualization on a wireless network is neither recommended nor supported. A future update may address this issue.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14526\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14526"
        ],
        "name": "CVE-2018-14526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6531\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6531\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6531",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ahmed Elsobky (@0xSobky) as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12397\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12397\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397"
        ],
        "name": "CVE-2020-12397",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of \"Just in Time\" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.",
            "A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of \"Just in Time\" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10846\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10846\nhttps://eprint.iacr.org/2018/747"
        ],
        "name": "CVE-2018-10846",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator."
        ],
        "upstream_fix": "glibc 2.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15804\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15804"
        ],
        "name": "CVE-2017-15804",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5376\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5376\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376"
        ],
        "name": "CVE-2017-5376",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally."
        ],
        "upstream_fix": "python 2.7.17, python 3.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16056\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16056"
        ],
        "name": "CVE-2019-16056",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.",
            "It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections."
        ],
        "upstream_fix": "squid 3.5.23, squid 4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10002\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10002\nhttp://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
        ],
        "name": "CVE-2016-10002",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",
            "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed."
        ],
        "upstream_fix": "tomcat 7.0.67, tomcat 6.0.45, tomcat 8.0.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5345\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5345\nhttp://seclists.org/bugtraq/2016/Feb/146"
        ],
        "name": "CVE-2015-5345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8676\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8676\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8676",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Hiroki MATSUKUMA (Cyber Defense Institute) as the original reporter.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14811"
        ],
        "name": "CVE-2019-14811",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
            "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as a code with the flaw is not present or is not built in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17449\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17449"
        ],
        "name": "CVE-2017-17449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-125",
        "details": [
            "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-148705132"
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0093\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0093"
        ],
        "name": "CVE-2020-0093",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-95",
        "details": [
            "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color=\"' followed by arbitrary Python code.",
            "A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution."
        ],
        "statement": "This vulnerability will not be fixed in Red Hat Quay because it only affects a non-supported feature which is disabled behind a feature flag.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17626\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17626"
        ],
        "name": "CVE-2019-17626",
        "mitigation": {
            "value": "No known mitigation available.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large string."
        ],
        "upstream_fix": "php 5.6.34, php 7.0.28, php 7.2.3, php 7.1.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7584\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7584"
        ],
        "name": "CVE-2018-7584",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.",
            "A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3120"
        ],
        "name": "CVE-2016-3120",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6978\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6978"
        ],
        "name": "CVE-2019-6978",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7800\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7800"
        ],
        "name": "CVE-2017-7800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.",
            "A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could potentially use this flaw to crash ntpd."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ntp 4.2.8p6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7977\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7977\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0074/"
        ],
        "name": "CVE-2015-7977",
        "mitigation": {
            "value": "Keep the number of restriction list entries in ntp.conf lower than 500.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2988\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2988"
        ],
        "name": "CVE-2019-2988",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.",
            "It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords."
        ],
        "statement": "Red Hat Satellite 5 is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters.",
        "upstream_fix": "postgresql 9.3.18, postgresql 9.6.4, postgresql 9.2.22, postgresql 9.4.13, postgresql 9.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7546\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7546\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7546",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 as they did not include the support for printing image ICC profile and recursive image structure where the vulnerability occurred.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18915\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18915"
        ],
        "name": "CVE-2018-18915",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3857\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3857\nhttps://www.libssh2.org/CVE-2019-3857.html"
        ],
        "name": "CVE-2019-3857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13301\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13301"
        ],
        "name": "CVE-2019-13301",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7665\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7665"
        ],
        "name": "CVE-2019-7665",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "upstream_fix": "mariadb 5.5.53, mariadb 10.0.28, mariadb 10.1.19, mysql 5.5.57, mysql 5.7.19, mysql 5.6.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3651\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3651\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3651",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-121",
        "details": [
            "Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4975\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4975"
        ],
        "name": "CVE-2014-4975",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",
            "A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Anat Bremler-Barr (Interdisciplinary Center (IDC), Herzliya), and Lior Shafir and Yehuda Afek (Tel Aviv University) as the original reporters.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8616\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8616\nhttps://kb.isc.org/docs/cve-2020-8616\nhttps://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/"
        ],
        "name": "CVE-2020-8616",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges SkyLined as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7753\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7753\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7753"
        ],
        "name": "CVE-2017-7753",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.",
            "A flaw was found in the Linux kernel when attempting to \"punch a hole\" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8839\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8839"
        ],
        "name": "CVE-2015-8839",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bogdan Tara, Gary Kwong, Jan Varga, Jan de Mooij, Jason Kratzer, Olli Pettay, Ronald Crane, Ted Campbell, Tim Guan-tin Chien, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9800\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800"
        ],
        "name": "CVE-2019-9800",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-617",
        "details": [
            "The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 allows remote attackers to cause a denial of service (assertion failure) via a crafted image file."
        ],
        "upstream_fix": "jasper 1.900.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9390\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9390"
        ],
        "name": "CVE-2016-9390",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.",
            "A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11884\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11884"
        ],
        "name": "CVE-2019-11884",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4731\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4731\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4731",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10772\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10772"
        ],
        "name": "CVE-2018-10772",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2590\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2590",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5170\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5170\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170"
        ],
        "name": "CVE-2018-5170",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.",
            "It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue did affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. This issue\nhas been addressed in the respective releases.",
        "acknowledgement": "Red Hat would like to thank Mellanox for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8159\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8159"
        ],
        "name": "CVE-2014-8159",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.",
            "A vulnerability in the MMSE dissector allows Wireshark to loop infinitely when parsing a specially crafted pcap file. A remote attacker could cause a denial of service to Wireshark by injecting malicious packets into the network that are automatically processed."
        ],
        "statement": "This issue affects the versions of wireshark as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "wireshark 2.4.11, wireshark 2.6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19622\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19622\nhttps://www.wireshark.org/security/wnpa-sec-2018-54.html"
        ],
        "name": "CVE-2018-19622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15691\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15691"
        ],
        "name": "CVE-2019-15691",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.",
            "An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel package as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4027\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4027"
        ],
        "name": "CVE-2014-4027",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 10.0.23, mariadb 5.5.47, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0651\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0651\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0651",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",
            "It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10243\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10243\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA"
        ],
        "name": "CVE-2017-10243",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11037\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11037"
        ],
        "name": "CVE-2018-11037",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL."
        ],
        "upstream_fix": "libqb 1.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12779\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12779"
        ],
        "name": "CVE-2019-12779",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a large width field in a BMP image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8668\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8668"
        ],
        "name": "CVE-2015-8668",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8623\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8623\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8623",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.",
            "It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "upstream_fix": "libxml2 2.9.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0191\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0191"
        ],
        "name": "CVE-2014-0191",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
            "It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 0.9.8zd, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3572\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3572\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3572",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
            "A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops)."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise\nLinux 5,6,7, MRG-2 and realtime kernels.\nRed Hat Enterprise Linux 5 has transitioned to Production phase 3.  \nDuring the Production 3 Phase, Critical impact Security Advisories (RHSAs) \nand selected Urgent Priority Bug Fix Advisories (RHBAs) may be released \nas they become available.\nAt this time this bug is not meet this critera and is unlikley to be fixed\nfor these releases.\nThe official life cycle policy can be reviewed here:\nhttp://redhat.com/rhel/lifecycle\nFuture Linux kernel updates for the products in production phase 1 and 2, namely Red Hat Enterprise\nLinux 6, 7 and MRG-2 may address this issue.",
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15274\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15274"
        ],
        "name": "CVE-2017-15274",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.",
            "Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server."
        ],
        "statement": "Red Hat OpenStack Platform currently only utilizes the client and python client API bindings, not the server components of openwsman. Additionally, updates for this package are received through the Red Hat Enterprise Linux repository.\nRed Hat Enterprise Virtualization uses only the openwsman-python client API bindings, not the server components of openwsman.\nThis issue affects the versions of openwsman as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank NEC Corporation for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3816"
        ],
        "name": "CVE-2019-3816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5652\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5652\nhttp://www.talosintelligence.com/reports/TALOS-2016-0187/"
        ],
        "name": "CVE-2016-5652",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7751\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751"
        ],
        "name": "CVE-2017-7751",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-770->CWE-305",
        "details": [
            "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.",
            "It was found that the Gnome shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large amount of screenshots."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7300\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7300"
        ],
        "name": "CVE-2014-7300",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jose María Acuña as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7791\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7791\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7791"
        ],
        "name": "CVE-2017-7791",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2634\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2634"
        ],
        "name": "CVE-2018-2634",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\nWe recommend upgrading past commit   https://www.google.com/url  https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url",
            "A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim."
        ],
        "upstream_fix": "kernel 6.1-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42896\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42896\nhttps://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4"
        ],
        "name": "CVE-2022-42896",
        "mitigation": {
            "value": "This flaw can be mitigated by disabling Bluetooth on the operating system level. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. For instructions on how to disable Bluetooth on RHEL please refer to https://access.redhat.com/solutions/2682931.\nAlternatively Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
            "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks."
        ],
        "upstream_fix": "httpd 2.4.16, httpd 2.2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3183"
        ],
        "name": "CVE-2015-3183",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.",
            "A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank CERT/CC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1158\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1158"
        ],
        "name": "CVE-2015-1158",
        "mitigation": {
            "value": "Disabling the cups web interface significantly reduces the impact of this security flaw.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in the function parseChars() in compileTranslationTable.c, that will lead to denial of service or possibly unspecified other impact."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13740\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13740"
        ],
        "name": "CVE-2017-13740",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15690\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15690"
        ],
        "name": "CVE-2019-15690",
        "mitigation": {
            "value": "Libvncserver should not be used to connect to untrusted server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.",
            "An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length (data->block[0]) greater than 'I2C_SMBUS_BLOCK_MAX + 1' may cause underlying I2C driver write out of array's boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18551"
        ],
        "name": "CVE-2017-18551",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file."
        ],
        "upstream_fix": "libtiff 4.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8870\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8870"
        ],
        "name": "CVE-2015-8870",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function.",
            "Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(), ctl_putdata(), and configure() functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user. Note: the crypto_recv()  flaw requires non default configurations to be active, while the ctl_putdata() flaw, by default, can only be exploited via local attackers, and the configure() flaw requires additional authentication to exploit."
        ],
        "upstream_fix": "ntp 4.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9295\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9295\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_crypto_recv\nhttps://access.redhat.com/articles/1305723"
        ],
        "name": "CVE-2014-9295",
        "mitigation": {
            "value": "Add these lines (included by default starting with Red Hat Enterprise Linux 5) to the configuration file /etc/ntp.conf:\nrestrict default kod nomodify notrap nopeer noquery\nrestrict -6 default kod nomodify notrap nopeer noquery\nrestrict 127.0.0.1 \nrestrict -6 ::1\nThis restricts server-type functionality to localhost.  If ntpd needs to perform time service for specific hosts and networks, you have to list them with suitable restrict statements.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5297\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5297\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5297",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.",
            "The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17805\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17805"
        ],
        "name": "CVE-2017-17805",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5259\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5259\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-73.html"
        ],
        "name": "CVE-2016-5259",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17961\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17961"
        ],
        "name": "CVE-2018-17961",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",
            "A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7805\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7805"
        ],
        "name": "CVE-2017-7805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12599"
        ],
        "name": "CVE-2018-12599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2799\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2799"
        ],
        "name": "CVE-2018-2799",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8804\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8804"
        ],
        "name": "CVE-2018-8804",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.49, mariadb 10.1.14, mariadb 10.0.25, mysql 5.7.12, mysql 5.5.49, mysql 5.6.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0643\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0643\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0643",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-476",
        "details": [
            "bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a \"split file in multivolume RAR,\" which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.",
            "A vulnerability was found in libarchive. A specially crafted RAR file could cause the application dereference a NULL pointer, leading to a crash."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8916\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8916"
        ],
        "name": "CVE-2015-8916",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.",
            "A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11523\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11523"
        ],
        "name": "CVE-2020-11523",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\"",
            "The Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12188\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12188"
        ],
        "name": "CVE-2017-12188",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15127\nhttps://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/"
        ],
        "name": "CVE-2018-15127",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000074\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000074\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000074",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16392\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16392\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16392",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8583\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8583\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-119",
        "details": [
            "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.",
            "A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7, the versions of python-simplejson as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of python33-python and python33-python-simplejson as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. Future updates may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "python 2.7.7, python 3.3.6, python 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4616\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4616"
        ],
        "name": "CVE-2014-4616",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.",
            "A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4343\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4343"
        ],
        "name": "CVE-2014-4343",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "libmspack 0.7alpha",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14682\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14682"
        ],
        "name": "CVE-2018-14682",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14621\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14621"
        ],
        "name": "CVE-2020-14621",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.51, mariadb 10.0.27, mysql 5.5.51, mysql 5.7.14, mysql 5.6.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5612\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5612\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-5612",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5162\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5162\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162"
        ],
        "name": "CVE-2018-5162",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
            "A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zürich) and Kaveh Razavi (ETH Zürich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23816\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23816\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-23816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.",
            "An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8094\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8094\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8094",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-31T13:41:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.",
            "It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10185\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10185"
        ],
        "name": "CVE-2019-10185",
        "mitigation": {
            "value": "No known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.",
            "A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated, causing stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "The glibc version shipped with Red Hat Enterprise Linux 8 is compiled using gcc's stack-protector option which mitigates the possibility of code execution led by the stack corruption.\nThe glibc version shipped with Red Hat Enterprise Linux 7 is more difficult to exploit using this flaw, specifically for remote code execution. Because exploitation of the flaw depends on the usage of pseudo-zero values, an attacker can only overwrite the stack with 0s. Due to this, a valid address value for code execution is difficult to get and is likely to only result in a crash.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10029\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10029"
        ],
        "name": "CVE-2020-10029",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.",
            "It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Tetsuo Handa for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2847\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2847"
        ],
        "name": "CVE-2016-2847",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
            "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and prevent further, legitimate connections to the Tomcat server from being made."
        ],
        "upstream_fix": "tomcat 8.0.9, tomcat 6.0.44, tomcat 7.0.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0230\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0230\nhttp://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
        ],
        "name": "CVE-2014-0230",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the \"Dragonblood\" attack and CVE-2019-9494.",
            "An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks."
        ],
        "statement": "This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 5, and 6 as they did not include support for EAP-pwd.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13456\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13456"
        ],
        "name": "CVE-2019-13456",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8895\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8895"
        ],
        "name": "CVE-2015-8895",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.",
            "An out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16062\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16062"
        ],
        "name": "CVE-2018-16062",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.",
            "An information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16658\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16658"
        ],
        "name": "CVE-2018-16658",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6520\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6520"
        ],
        "name": "CVE-2014-6520",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.",
            "A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution."
        ],
        "upstream_fix": "icoutils 0.31.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5208\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5208"
        ],
        "name": "CVE-2017-5208",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited to cause a kernel crash.",
            "An error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5803\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5803"
        ],
        "name": "CVE-2018-5803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",
            "It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2179\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2179\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2179",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation."
        ],
        "statement": "This issue only affects systems which use a remote recursive resolver and enable EDNS0, either with the “edns0” option in /etc/resolv.conf, or using the RES_USE_EDNS0 or RES_USE_DNSSEC resolver flags. The underlying issue affects recursive resolvers such as BIND and Unbound as well, and has to be fixed separately there.",
        "upstream_fix": "glibc 2.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12132\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12132"
        ],
        "name": "CVE-2017-12132",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka \"Predictor heap-buffer-overflow.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9535\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9535"
        ],
        "name": "CVE-2016-9535",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1."
        ],
        "statement": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller the size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges l00p3r as the original reporter.",
        "upstream_fix": "curl 7.65.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5436\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5436\nhttps://curl.haxx.se/docs/CVE-2019-5436.html"
        ],
        "name": "CVE-2019-5436",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4734\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4734\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4734",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5155\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5155\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155"
        ],
        "name": "CVE-2018-5155",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.",
            "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3620\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3620\nhttps://access.redhat.com/articles/3562741\nhttps://access.redhat.com/security/vulnerabilities/L1TF\nhttps://foreshadowattack.eu/\nhttps://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault\nhttps://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow\nhttps://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        ],
        "csaw": true,
        "name": "CVE-2018-3620"
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14593"
        ],
        "name": "CVE-2020-14593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7554\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7554"
        ],
        "name": "CVE-2015-7554",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.",
            "A vulnerability was found in libarchive.  A specially crafted ZIP file could cause a few bytes of application memory in a 256-byte region to be disclosed."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8923\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8923"
        ],
        "name": "CVE-2015-8923",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem writing to arbitrary filesystem locations during installation. This attack appears to be exploitable when the victim installs a malicious gem. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000079\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000079\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000079",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172->CWE-697->CWE-295",
        "details": [
            "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
            "It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters being accepted as valid."
        ],
        "upstream_fix": "nss 3.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1492\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1492"
        ],
        "name": "CVE-2014-1492",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1574\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1574\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-74.html"
        ],
        "name": "CVE-2014-1574",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution.",
            "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause a crash or potential code execution."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10907\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10907"
        ],
        "name": "CVE-2018-10907",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Philipp as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9905\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9905\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9905"
        ],
        "name": "CVE-2016-9905",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.",
            "An out-of-bounds read flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file."
        ],
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "upstream_fix": "file 5.22, php 5.5.19, php 5.6.3, php 5.4.35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3710\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3710"
        ],
        "name": "CVE-2014-3710",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2999\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2999"
        ],
        "name": "CVE-2019-2999",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.",
            "It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application."
        ],
        "acknowledgement": "Red Hat would like to thank Gustavo Grieco for reporting this issue.",
        "upstream_fix": "xerces-c 3.1.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0729\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0729\nhttp://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt"
        ],
        "name": "CVE-2016-0729",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.",
            "It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals)."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7703\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7703"
        ],
        "name": "CVE-2015-7703",
        "mitigation": {
            "value": "Disable remote runtime configuration with ntpq or ntpdc. In the default NTP configuration on Red Hat Enterprise Linux, runtime configuration with ntpq or ntpdc is limited to localhost.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18267\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18267"
        ],
        "name": "CVE-2017-18267",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Iain Ireland as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12406\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406"
        ],
        "name": "CVE-2020-12406",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file."
        ],
        "upstream_fix": "gstreamer1-plugins-base 1.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9811\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9811"
        ],
        "name": "CVE-2016-9811",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
            "It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0772\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0772"
        ],
        "name": "CVE-2016-0772",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.",
            "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability."
        ],
        "statement": "OpenDaylight in Red Hat OpenStack 10 & 13 was in technical preview status, because of this no fixes will be released for it.\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
        "acknowledgement": "Red Hat would like to thank @ZeddYu (Apache Tomcat Security Team) for reporting this issue.",
        "upstream_fix": "tomcat 9.0.31, tomcat 8.5.51, tomcat 7.0.100",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1935\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1935\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51\nhttps://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        ],
        "name": "CVE-2020-1935",
        "mitigation": {
            "value": "Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite.\nFor other Red Hat products, either mitigation isn't available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-295|CWE-296)",
        "details": [
            "It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.",
            "It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference."
        ],
        "upstream_fix": "evolution-ews 3.31.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3890\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3890"
        ],
        "name": "CVE-2019-3890",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.",
            "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may result in integer truncation, allocating a buffer smaller than expected.",
        "upstream_fix": "glib 2.67.3, glib 2.66.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27219\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27219"
        ],
        "name": "CVE-2021-27219",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in the resp_new function in http.c via a \\r\\n sequence in a continuation line.",
            "A cookie injection flaw was found in wget. An attacker can create a malicious website which, when accessed, overrides cookies belonging to arbitrary domains."
        ],
        "upstream_fix": "wget 1.19.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0494"
        ],
        "name": "CVE-2018-0494",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9791\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9791\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791"
        ],
        "name": "CVE-2019-9791",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1576\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1576\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-75.html"
        ],
        "name": "CVE-2014-1576",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10194\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10194"
        ],
        "name": "CVE-2018-10194",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4052\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4052\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4052",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10881\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10881"
        ],
        "name": "CVE-2018-10881",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",
            "It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "upstream_fix": "php 5.5.25, php 5.4.41, php 5.6.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4025\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4025"
        ],
        "name": "CVE-2015-4025",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
        ],
        "statement": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0, bootstrap 4.0.0-beta.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10735\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10735"
        ],
        "name": "CVE-2016-10735",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.",
            "A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15807\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15807"
        ],
        "name": "CVE-2019-15807",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11698\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11698\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698"
        ],
        "name": "CVE-2019-11698",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption."
        ],
        "upstream_fix": "mariadb 5.5.47, mariadb 10.0.23, mariadb 10.1.10, mysql 5.7.10, mysql 5.5.47, mysql 5.6.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0606\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0606\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0606",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3598\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3598\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.",
            "A man-in-the-middle vulnerability was found in the way \"connection signing\" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Sernet.de and Stefan Metzmacher (Samba Team) as the original reporters.",
        "upstream_fix": "samba 4.1.22, samba 4.2.7, samba 4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5296\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5296\nhttps://www.samba.org/samba/security/CVE-2015-5296.html"
        ],
        "name": "CVE-2015-5296",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-14T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in the `.charkeys` procedure in all versions of ghostscript 9.x before 9.50, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.",
            "A flaw was found in the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue. Upstream acknowledges Lukas Schauer and Paul Manfred as the original reporters.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14869\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14869"
        ],
        "name": "CVE-2019-14869",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2814\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2814"
        ],
        "name": "CVE-2018-2814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet.",
            "A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE payloads. A remote attacker could send a specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service (daemon crash)."
        ],
        "acknowledgement": "This issue was discovered by Paul Wouters (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3240\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3240\nhttps://libreswan.org/security/CVE-2015-3240/"
        ],
        "name": "CVE-2015-3240",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.",
            "An integer wraparound, leading to a buffer overflow, was found in Exempi in the way it handles Adobe Photoshop Images. An attacker could exploit this to cause a denial of service via a crafted image file."
        ],
        "upstream_fix": "exempi 2.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7730\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7730"
        ],
        "name": "CVE-2018-7730",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1541\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1541\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-52.html"
        ],
        "name": "CVE-2014-1541",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10089"
        ],
        "name": "CVE-2017-10089",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp.",
            "It was found that the ABRT debug information installer (abrt-action-install-debuginfo-to-abrt-cache) did not use temporary directories in a secure way. A local attacker could use the flaw to create symbolic links and files at arbitrary locations as the abrt user."
        ],
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5273\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5273"
        ],
        "name": "CVE-2015-5273",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2421\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2421",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T03:50:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A vulnerability was found in the Linux kernel's implementation of overlayfs, in versions up to 3.10. An attacker with local access can create a denial of service situation via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with the ability to create directories on overlayfs to crash the kernel, creating a denial of service (DOS).",
            "A vulnerability was found in the Linux kernel's implementation of overlayfs. An attacker with local access can create a denial of service situation via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with the ability to create directories on overlayfs to crash the kernel, creating a denial of service (DOS)."
        ],
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10140\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10140"
        ],
        "name": "CVE-2019-10140",
        "mitigation": {
            "value": "Some systems may wish to use device-mapper as an alternative to overlayfs. This does not remove the flaw if the overlayfs module is still in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
        ],
        "upstream_fix": "tcpdump 4.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2155\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2155"
        ],
        "name": "CVE-2015-2155",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls.",
            "A null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls."
        ],
        "acknowledgement": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo Team) for reporting this issue.",
        "upstream_fix": "kernel 4.16-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1130"
        ],
        "name": "CVE-2018-1130",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.",
            "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8767\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8767"
        ],
        "name": "CVE-2015-8767",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.",
            "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8093\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8093\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8093",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8609\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8609\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution."
        ],
        "upstream_fix": "glibc 2.25.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16997\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16997"
        ],
        "name": "CVE-2017-16997",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.",
            "A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5344\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5344"
        ],
        "name": "CVE-2018-5344",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8769\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8769\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8769",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.",
            "An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14496\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14496\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14496"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "wireshark 1.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6245\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6245\nhttps://www.wireshark.org/security/wnpa-sec-2015-25"
        ],
        "name": "CVE-2015-6245",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2797\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2797"
        ],
        "name": "CVE-2018-2797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4871\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4871\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4871",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.7",
            "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-172->CWE-393",
        "details": [
            "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.",
            "It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash."
        ],
        "statement": "This issue affects the versions of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of samba and samba4 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of samba as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3493\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3493\nhttp://www.samba.org/samba/security/CVE-2014-3493"
        ],
        "name": "CVE-2014-3493",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20097\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20097"
        ],
        "name": "CVE-2018-20097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.",
            "A flaw was found in the way the Linux kernel's ext4 file system handled the \"page size > block size\" condition when the fallocate zero-range functionality was used. A local attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Xiong Zhou (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0275\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0275"
        ],
        "name": "CVE-2015-0275",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10101"
        ],
        "name": "CVE-2017-10101",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
            "An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with user privileges to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information, and can be used to escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability."
        ],
        "statement": "Any Red Hat product which relies on the Red Hat Enterprise Linux kernel is also potentially impacted. \nThis includes layered products such as OpenShift Container Platform, OpenStack, Red Hat Virtualization, and others.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Team for reporting this issue.",
        "upstream_fix": "kernel 5.14 rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33909\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33909\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b\nhttps://www.openwall.com/lists/oss-security/2021/07/20/1\nhttps://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt"
        ],
        "csaw": true,
        "name": "CVE-2021-33909",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.",
            "A stack-based buffer overflow was discovered in ImageMagick in the way it writes PNM images due to a misplaced assignment. Applications compiled against ImageMagick libraries that accept untrustworthy images or write PNM images may be vulnerable to this flaw. An attacker could abuse this flaw by providing a specially crafted image to make the application crash or potentially execute code."
        ],
        "upstream_fix": "ImageMagick 7.0.8-50, ImageMagick 6.9.10-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13304\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13304"
        ],
        "name": "CVE-2019-13304",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jet Villegas and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5145\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5145\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5145"
        ],
        "name": "CVE-2018-5145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
            "It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5 and 7 as well as Red Hat Software Collections. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "python 3.3.6, python 2.7.8, python 3.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4650\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4650"
        ],
        "name": "CVE-2014-4650",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5440\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5440\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5440"
        ],
        "name": "CVE-2017-5440",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9631\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9631"
        ],
        "name": "CVE-2019-9631",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.",
            "A flaw was found in grub2. When handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size, the name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14309\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14309"
        ],
        "name": "CVE-2020-14309",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2698\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2698"
        ],
        "name": "CVE-2019-2698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.",
            "A security flaw was found in the Linux kernel's networking subsystem: destroying a network interface with a huge number of IPv4 addresses assigned holds the \"rtnl_lock\" spinlock for a very long time (up to an hour). This blocks many network-related operations, including creation of new incoming ssh connections.\nThe problem is especially important for containers, as the container owner has enough permissions to trigger this and block network access on the whole host, outside the container."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates, as the Linux containers which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Solar Designer (Openwall) and the Virtuozzo kernel team for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3156\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3156"
        ],
        "name": "CVE-2016-3156",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.",
            "It was discovered that ImageMagick does not properly release acquired memory when some error conditions occur in the WriteDPXImage() function. Applications compiled against ImageMagick libraries that accept untrustworthy images may be exploited to use all available memory and make them crash. An attacker could abuse this flaw by providing a specially crafted image and cause a Denial of Service by using all available memory."
        ],
        "upstream_fix": "ImageMagick 6.9.10-36, ImageMagick 7.0.8-36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12975\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12975"
        ],
        "name": "CVE-2019-12975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8726\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8726\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8726",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file."
        ],
        "upstream_fix": "gstreamer1-plugins-base 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5844\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5844"
        ],
        "name": "CVE-2017-5844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-214->CWE-200",
        "details": [
            "libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.",
            "A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations, 'osinfo-install-script', accepts user and admin passwords via command line arguments. This could allow guest passwords to leak to other system users via a process listing."
        ],
        "acknowledgement": "This issue was discovered by Fabiano Fidêncio (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13313\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13313\nhttps://www.openwall.com/lists/oss-security/2019/07/08/3"
        ],
        "name": "CVE-2019-13313",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges bo13oy as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17017\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17017\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017"
        ],
        "name": "CVE-2019-17017",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Petr Cerny as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5469\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5469\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5469"
        ],
        "name": "CVE-2017-5469",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10913\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10913"
        ],
        "name": "CVE-2018-10913",
        "mitigation": {
            "value": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Hao Sun for reporting this issue.",
        "upstream_fix": "kernel 5.15-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4028\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4028\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74\nhttps://lkml.org/lkml/2021/10/4/697"
        ],
        "name": "CVE-2021-4028",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6, as it does not support TDLS.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13086\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13086\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13086",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tsubasa Iinuma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1965\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1965\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-28.html"
        ],
        "name": "CVE-2016-1965",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295->CWE-287",
        "details": [
            "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.",
            "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7562\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7562"
        ],
        "name": "CVE-2017-7562",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0687\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0687\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0687",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.",
            "A vulnerability was found in Linux kernel. There is an information leak in file \"sound/core/timer.c\" of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4569\nhttp://comments.gmane.org/gmane.linux.kernel/2214250"
        ],
        "name": "CVE-2016-4569",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.",
            "A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary code execution on the server when these rules are being processed."
        ],
        "upstream_fix": "spamassassin 3.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11781\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11781\nhttps://mail-archives.apache.org/mod_mbox/spamassassin-announce/201809.mbox/raw/%3Cc57c0f41-742c-3c3e-249c-ae2614bf0d7d%40apache.org%3E/"
        ],
        "name": "CVE-2018-11781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.",
            "A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT records. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4049\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4049"
        ],
        "name": "CVE-2014-4049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).",
            "A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Armis Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000410\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000410"
        ],
        "name": "CVE-2017-1000410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5465\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5465\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5465"
        ],
        "name": "CVE-2017-5465",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value."
        ],
        "upstream_fix": "tcpdump 4.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0261\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0261"
        ],
        "name": "CVE-2015-0261",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5281\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5281\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5281",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11041\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11041"
        ],
        "name": "CVE-2020-11041",
        "mitigation": {
            "value": "Disable sound for the rdp session in the client.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-366",
        "details": [
            "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.",
            "A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system."
        ],
        "acknowledgement": "Red Hat would like to thank Norbert Slusarek for reporting this issue.",
        "upstream_fix": "kernel 5.18 rc9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1729\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1729"
        ],
        "name": "CVE-2022-1729",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2798\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2798",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.",
            "A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8630\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8630"
        ],
        "name": "CVE-2015-8630",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression."
        ],
        "statement": "Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 5, and 6.",
        "upstream_fix": "Wireshark 1.12.4, Wireshark 1.10.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2188\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2188"
        ],
        "name": "CVE-2015-2188",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.",
            "A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux version 7 and Red Hat Gluster Storage 3.1. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5313"
        ],
        "name": "CVE-2015-5313",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
            "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
        ],
        "statement": "This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.",
        "acknowledgement": "Red Hat would like to thank Felipe Franciosi (nutanix.com), Peter Turschmid (nutanix.com), and Raphael Norwitz (nutanix.com) for reporting this issue.",
        "upstream_fix": "QEMU 4.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1711\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1711"
        ],
        "name": "CVE-2020-1711",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."
        ],
        "upstream_fix": "mariadb 10.1.21, mariadb 5.5.54, mariadb 10.0.29, mysql 5.6.35, mysql 5.7.17, mysql 5.5.54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3317\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3317\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3317",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000476\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000476"
        ],
        "name": "CVE-2017-1000476",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file."
        ],
        "acknowledgement": "Red Hat would like to thank Josselin Feist for reporting this issue.",
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5221\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5221"
        ],
        "name": "CVE-2015-5221",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",
            "A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32399\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32399"
        ],
        "name": "CVE-2021-32399",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at the BIOS level which will also provide effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith via Beyond Security's SecuriTeam Secure Disclosure program and Niklas Baumstark as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12387\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387"
        ],
        "name": "CVE-2018-12387",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.",
            "A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jonas Jenwald as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2743\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2743\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-69.html"
        ],
        "name": "CVE-2015-2743",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.26, mariadb 10.1.41, mariadb 10.3.17, mariadb 10.4.7, mariadb 5.5.65, mysql 5.6.45, mysql 8.0.17, mysql 5.7.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2737\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2737\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        ],
        "name": "CVE-2019-2737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue has been discovered in mpruett Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0. A heap-based buffer overflow in Expand3To4Module::run has occurred when running sfconvert."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17095\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17095"
        ],
        "name": "CVE-2018-17095",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Christian Holler, Liz Henry, Raul Gurzau, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 68.5, firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6800\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800"
        ],
        "name": "CVE-2020-6800",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service."
        ],
        "upstream_fix": "jasper 2.0.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000050\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000050"
        ],
        "name": "CVE-2017-1000050",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-613",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded."
        ],
        "upstream_fix": "httpd 2.4.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        ],
        "name": "CVE-2018-17199",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0836\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0836\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-11"
        ],
        "name": "CVE-2015-0836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
            "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long."
        ],
        "upstream_fix": "tomcat 7.0.70, tomcat 8.5.3, tomcat 8.0.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3092\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3092\nhttp://tomcat.apache.org/security-7.html\nhttp://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2016-3092",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.",
            "An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application."
        ],
        "upstream_fix": "php 5.6.30, php 7.0.15, php 7.1.1, gd 2.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10168\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10168"
        ],
        "name": "CVE-2016-10168",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.",
            "An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash."
        ],
        "upstream_fix": "hostapd 2.5, wpa_supplicant 2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4142\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4142\nhttp://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt"
        ],
        "name": "CVE-2015-4142",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.",
            "It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Blake Burkhart for reporting this issue.",
        "upstream_fix": "mercurial 3.7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3068\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3068\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29"
        ],
        "name": "CVE-2016-3068",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."
        ],
        "upstream_fix": "gstreamer1-plugins-base 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5839\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5839"
        ],
        "name": "CVE-2017-5839",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Christian Holler, Gary Kwong, Jan de Mooij, Oriol, and Tom Schuster as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5373\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5373\nhttps://www.mozilla.org/security/announce/2017/mfsa2016-01/#CVE-2017-5373"
        ],
        "name": "CVE-2017-5373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.8, mariadb 10.1.26, mariadb 5.5.57, mariadb 10.0.32, mysql 5.6.38, mysql 5.7.20, mysql 5.5.58",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10384\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10384\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL"
        ],
        "name": "CVE-2017-10384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-03T02:23:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.",
            "A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost."
        ],
        "acknowledgement": "This issue was discovered by Hangbin Liu (Red Hat) and Jasu Liedes (Synopsys SIG).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16871"
        ],
        "name": "CVE-2018-16871",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."
        ],
        "upstream_fix": "e2fprogs 1.45.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5094\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5094\nhttps://talosintelligence.com/vulnerability_reports/TALOS-2019-0887"
        ],
        "name": "CVE-2019-5094",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges."
        ],
        "upstream_fix": "mariadb 10.0.20, mariadb 5.5.44, mysql 5.6.24, mysql 5.5.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2620\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2620\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-2620",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest."
        ],
        "statement": "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Advanced Threat Research team at Intel Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3645\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3645"
        ],
        "name": "CVE-2014-3645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8544\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8544"
        ],
        "name": "CVE-2019-8544",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki ISHIKAWA as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6793\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793"
        ],
        "name": "CVE-2020-6793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-09T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",
            "A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem."
        ],
        "acknowledgement": "Red Hat would like to thank Zhenpeng Lin for reporting this issue.",
        "upstream_fix": "kernel 3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2588\nhttps://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u"
        ],
        "name": "CVE-2022-2588",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9816\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816"
        ],
        "name": "CVE-2019-9816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer."
        ],
        "upstream_fix": "mariadb 5.5.44, mariadb 10.0.20, mysql 5.5.44, mysql 5.6.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2643\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2643\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-2643",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue.",
            "It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter.",
        "upstream_fix": "nss-3.19.1 1.el5_11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2721\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2721\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
        ],
        "name": "CVE-2015-2721",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122->CWE-190->CWE-194",
        "details": [
            "Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.",
            "An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201",
        "upstream_fix": "git 2.4.11, git 2.7.4, git 2.6.6, git 2.5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2324\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2324"
        ],
        "csaw": true,
        "name": "CVE-2016-2324"
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected."
        ],
        "statement": "This issue was part of the stack guard fixes that was fixed along side the CVE-2017-1000364 flaw.  This issue has previously affected Red Hat Enterprise Linux 5,6,7 and MRG-2.  This issue is currently fixed in most versions of shipping products.",
        "acknowledgement": "Red Hat would like to thank Qualys Inc for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000379\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000379\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "name": "CVE-2017-1000379",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-134",
        "details": [
            "UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings.",
            "An uncontrolled format string vulnerability has been discovered in udisks when it mounts a filesystem with a malformed label. A local attacker may use this flaw to leak memory, make the udisks service crash, or cause other unspecified effects."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17336\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17336"
        ],
        "name": "CVE-2018-17336",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.",
            "An improper permission check issue was discovered in the RMI component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0408\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0408\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0408",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gerald Squelart as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7222\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7222\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-147.html"
        ],
        "name": "CVE-2015-7222",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7200\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7200\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7200",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.",
            "Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells.  Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system."
        ],
        "statement": "Preventing a user from accessing the system without deleting their account is not a simple matter. For utmost security, the account should be deleted. Short of this, we recommend a three-pronged approach:\n* change the user's login shell to a harmless command that is not in \"/etc/shells\" (for example \"/bin/false\") to prevent commands being run on their behalf\n* lock the user's password with \"usermod -L\" to prevent authentication with pam services\n* prevent access to the user's home directory with \"chmod 0\" or \"chown root\" and \"chmod 700\" to prevent authentication with ssh keys etc",
        "upstream_fix": "setup 2.11.4-1.fc28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1113\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1113"
        ],
        "name": "CVE-2018-1113",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7802\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7802\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7802"
        ],
        "name": "CVE-2017-7802",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.",
            "An integer overflow has been discovered in libtiff in TIFFSetupStrips:tif_write.c, which could lead to a heap-based buffer overflow in TIFFWriteScanline:tif_write.c. An attacker may use this vulnerability to corrupt memory or cause Denial of Service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10779\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10779"
        ],
        "name": "CVE-2018-10779",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image."
        ],
        "upstream_fix": "jasper 1.900.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9560\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9560"
        ],
        "name": "CVE-2016-9560",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.",
            "A privilege escalation flaw was found in the gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink."
        ],
        "statement": "This vulnerability affects gluster servers that have, or have previously had, Gluster volume snapshot scheduling enabled from the CLI. Red Hat Enterprise Virtualization supports volume snapshot scheduling from the Web UI, which uses a distinct mechanism that is not subject to this vulnerability. VM snapshots are not impacted by this flaw. For more information, please see the Vulnerability Article linked under External References.\nThis issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7 because only the gluster client is shipped in these products. CVE-2018-1088 affects the glusterfs-server package as shipped with Red Hat Gluster Storage 3.",
        "acknowledgement": "This issue was discovered by John Strunk (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1088\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1088\nhttps://access.redhat.com/articles/3414511"
        ],
        "name": "CVE-2018-1088",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes:  \n1. The gluster server should be on a LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates between gluster server nodes and clients.  \nCaveat: This would only mitigate attacks from unauthorized malicious clients. gluster clients allowed by auth.allow or having signed TLS client certificates would still be able to trigger this attack.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Toni Huttunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2830\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-63.html"
        ],
        "name": "CVE-2016-2830",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. This attack appears to be exploitable by a remote attacker that can connect to rsyslog and trigger a stack buffer overflow by sending a specially crafted x509 certificate.",
            "A stack-based buffer overflow was found in the way librelp parses X.509 certificates. By connecting or accepting connections from a remote peer, an attacker may use a specially crafted X.509 certificate to exploit this flaw and potentially execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.",
        "upstream_fix": "librelp 1.2.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000140\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000140\nhttps://www.rsyslog.com/cve-2018-1000140/"
        ],
        "name": "CVE-2018-1000140",
        "mitigation": {
            "value": "Users are strongly advised not to expose their logging RELP services to a public network.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-471",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
            "A flaw was found in the way the serialization component of OpenJDK handled the serialization filter. A process-wide filter could have been modified by setting the jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2604\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2604\nhttps://www.oracle.com/technetwork/java/javase/11-0-6-oracle-relnotes-5813175.html\nhttps://www.oracle.com/technetwork/java/javase/13-0-2-relnotes-5812268.html\nhttps://www.oracle.com/technetwork/java/javase/8u241-relnotes-5813177.html\nhttps://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_251"
        ],
        "name": "CVE-2020-2604",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7786\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7786\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7786"
        ],
        "name": "CVE-2017-7786",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption."
        ],
        "upstream_fix": "mariadb 10.0.17, mariadb 5.5.42, mysql 5.5.42, mysql 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0441\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0441\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0441",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7923\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7923"
        ],
        "name": "CVE-2016-7923",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via \"View -> Feed article -> Website\" or in the standard format of \"View -> Feed article -> default format\". This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7846\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7846\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829"
        ],
        "name": "CVE-2017-7846",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.",
            "A buffer over-read flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "upstream_fix": "php 5.5.24, php 5.4.40, php 5.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2783\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2783"
        ],
        "name": "CVE-2015-2783",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file."
        ],
        "upstream_fix": "ImageMagick 6.9.10-43, ImageMagick 7.0.8-43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11597\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11597"
        ],
        "name": "CVE-2019-11597",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.",
            "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.",
        "upstream_fix": "bind 9.9.7-P2, bind 9.10.2-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5477\nhttps://access.redhat.com/solutions/1548963\nhttps://kb.isc.org/article/AA-01272"
        ],
        "name": "CVE-2015-5477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.",
            "A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash."
        ],
        "statement": "This issue did not affect the versions of subversion as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Subversion project for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
        "upstream_fix": "subversion 1.8.11, subversion 1.7.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8108\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8108\nhttp://subversion.apache.org/security/CVE-2014-8108-advisory.txt"
        ],
        "name": "CVE-2014-8108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access."
        ],
        "upstream_fix": "qt 5.14.0, qt 5.9.10, qt 5.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0570\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0570"
        ],
        "name": "CVE-2020-0570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.",
            "A flaw was found in the Linux kernel’s KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability."
        ],
        "statement": "Both Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 leverage udev to set the proper permissions (ugo=rw) of the `/dev/kvm` device, making it accessible to all users. It is worth noting that while the KVM rule is part of the main udev package in Red Hat Enterprise Linux 8, the same rule is shipped with the `qemu-kvm` package in Red Hat Enterprise Linux 7. In other words, Red Hat Enterprise Linux 7 does not expose `/dev/kvm` to unprivileged users by default, as long as the `qemu-kvm` package is not installed.",
        "upstream_fix": "kernel 5.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-22543\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22543\nhttps://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"
        ],
        "name": "CVE-2021-22543",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
            "An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested."
        ],
        "upstream_fix": "openssh 7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1908\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1908"
        ],
        "name": "CVE-2016-1908",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10110\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10110"
        ],
        "name": "CVE-2017-10110",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Integer overflow in tif_packbits.c in bmp2tiff in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via a crafted BMP image, related to dimensions, which triggers an out-of-bounds read.",
            "A flaw was discovered in the bmp2tiff utility. By tricking a user into processing a specially crafted file, a remote attacker could exploit this flaw to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw in libtiff.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9330\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9330"
        ],
        "name": "CVE-2014-9330",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christian Holler, Christoph Diehl, David Major, Jason Kratzer, Jon Coppeard, Marcia Knous, Nicolas B. Pierron, and Ronald Crane as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5188\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5188\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-5188"
        ],
        "name": "CVE-2018-5188",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges AaylaSecura1138 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9797\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9797\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797"
        ],
        "name": "CVE-2019-9797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3867\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3867\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3867",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.",
            "A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened."
        ],
        "upstream_fix": "poppler 0.40.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8868\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8868"
        ],
        "name": "CVE-2015-8868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4842\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4842\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.",
            "It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash."
        ],
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1827\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1827"
        ],
        "name": "CVE-2015-1827",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15710\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15710\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",
            "It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd."
        ],
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7691\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7691\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner\nhttps://github.com/ntp-project/ntp/blob/stable/NEWS#L11"
        ],
        "name": "CVE-2015-7691",
        "mitigation": {
            "value": "Disable NTP autokey authentication by removing, or commenting out, all configuration directives beginning with the 'crypto' keyword in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
            "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5383\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html\nhttps://www.kb.cert.org/vuls/id/304725"
        ],
        "name": "CVE-2018-5383",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-476",
        "details": [
            "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9671\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9671"
        ],
        "name": "CVE-2014-9671",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "10.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.",
            "A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14491\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14491\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14491"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.  NOTE: this vulnerability exists because of a CVE-2012-6701 regression."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the related AIO vector code is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7. Future Linux kernel updates for the respective releases might address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.",
        "upstream_fix": "kernel 4.1-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8830\nhttp://seclists.org/oss-sec/2016/q2/479\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=735"
        ],
        "name": "CVE-2015-8830",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10109\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10109"
        ],
        "name": "CVE-2017-10109",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.52, mariadb 10.1.18, mariadb 10.0.28, mysql 5.5.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5624\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5624\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-5624",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8733\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8733\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171",
            "A flaw was found in the Linux pinctrl system. It is possible to trigger an of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0427\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0427"
        ],
        "name": "CVE-2020-0427",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4219\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4219\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-4219",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7931\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7931"
        ],
        "name": "CVE-2016-7931",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.3.0, LibreOffice 6.2.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9852\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9852\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"
        ],
        "name": "CVE-2019-9852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.",
            "A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and potentially defeating KASLR."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7,  8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10639\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10639\nhttps://arxiv.org/pdf/1906.10478.pdf"
        ],
        "name": "CVE-2019-10639",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5154\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5154\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154"
        ],
        "name": "CVE-2018-5154",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11526\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11526"
        ],
        "name": "CVE-2020-11526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.",
            "It was discovered that zziplib is vulnerable to a directory traversal flaw in most of its unzip binaries, including unzip-mem, unzzipcat-mem, unzzipcat-big, unzzipcat-mix, and unzzipcat-zip. An attacker may use this flaw to write files outside the intended target directory, overwriting existing files, or creating new ones."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17828\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17828"
        ],
        "name": "CVE-2018-17828",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1581\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1581\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-79.html"
        ],
        "name": "CVE-2014-1581",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Natalie Silvanovich (Google Project Zero) as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6831\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6831\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831"
        ],
        "name": "CVE-2020-6831",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401->CWE-400",
        "details": [
            "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time",
            "A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19046\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19046"
        ],
        "name": "CVE-2019-19046",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5380\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5380\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380"
        ],
        "name": "CVE-2017-5380",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-4, ImageMagick 7.0.8-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13134\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13134"
        ],
        "name": "CVE-2019-13134",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-476",
        "details": [
            "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9670\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9670"
        ],
        "name": "CVE-2014-9670",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
            "A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user  to crash the system."
        ],
        "statement": "The impact is moderate, because of the need of additional privileges (usually local console user).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8648\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8648"
        ],
        "name": "CVE-2020-8648",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. A specially crafted PostScript document could exploit this to crash Ghostscript or, possibly, execute arbitrary code in the context of the Ghostscript process. This is a type confusion issue because of failure to check whether the Implementation of a pattern dictionary was a structure type."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19134\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19134"
        ],
        "name": "CVE-2018-19134",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.",
            "A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient."
        ],
        "upstream_fix": "mariadb 10.2.5, mariadb 10.1.22, mariadb 10.0.30, mariadb 5.5.55, mysql 5.5.55, mysql 5.6.21, mysql 5.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3302\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3302"
        ],
        "name": "CVE-2017-3302",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7925\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7925"
        ],
        "name": "CVE-2016-7925",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
            "A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7679\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7679\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7679",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chun Han Hsiao as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5446\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5446\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5446"
        ],
        "name": "CVE-2017-5446",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap.",
            "An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap."
        ],
        "acknowledgement": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9573\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9573"
        ],
        "name": "CVE-2016-9573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address.",
            "A flaw was found in the way mailx handled the parsing of email addresses. A syntactically valid email address could allow a local attacker to cause mailx to execute arbitrary shell commands through shell meta-characters (CVE-2004-2771) and the direct command execution functionality (CVE-2014-7844)."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7844\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7844"
        ],
        "name": "CVE-2014-7844",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.",
            "It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-6435\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6435"
        ],
        "name": "CVE-2013-6435",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.",
            "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6325\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6325"
        ],
        "name": "CVE-2016-6325",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",
            "In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5848\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5848"
        ],
        "name": "CVE-2018-5848",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9679\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9679"
        ],
        "name": "CVE-2014-9679",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",
            "It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Robert Haas as the original reporter.",
        "upstream_fix": "postgresql 9.6.3, postgresql 9.5.7, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.2.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7484\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7484",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-283",
        "details": [
            "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.",
            "It was discovered that, when moving problem reports between certain directories, abrt-handle-upload did not verify that the new problem directory had appropriate permissions and did not contain symbolic links. An attacker able to create a crafted problem report could use this flaw to expose other parts of ABRT, or to overwrite arbitrary files on the system."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3147\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3147"
        ],
        "name": "CVE-2015-3147",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21125\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21125\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21125",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-835",
        "details": [
            "An issue was discovered in Exempi before 2.4.4. Integer overflow in the Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .avi file."
        ],
        "statement": "This issue did not affect the versions of exempi as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.",
        "upstream_fix": "exempi 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18233\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18233"
        ],
        "name": "CVE-2017-18233",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.",
            "A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13233\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13233"
        ],
        "name": "CVE-2019-13233",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.",
            "A denial of service flaw was found in the way chrony hosts that were peering with each other authenticated themselves before updating their internal state variables. An attacker could send packets to one peer host, which could cascade to other peers, and stop the synchronization process among the reached peers."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1853\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1853"
        ],
        "name": "CVE-2015-1853",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17016\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17016\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016"
        ],
        "name": "CVE-2019-17016",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS."
        ],
        "upstream_fix": "mariadb 5.5.49, mariadb 10.0.25, mariadb 10.1.14, mysql 5.6.30, mysql 5.5.49, mysql 5.7.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0648\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0648\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not prevent data overwrites during copy operations, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
        ],
        "upstream_fix": "wireshark 1.12.1, wireshark 1.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6432\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6432\nhttps://www.wireshark.org/security/wnpa-sec-2014-19.html"
        ],
        "name": "CVE-2014-6432",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402."
        ],
        "upstream_fix": "icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0455\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0455\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0455",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-835",
        "details": [
            "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.",
            "An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service)."
        ],
        "upstream_fix": "389-ds-base 1.3.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0741\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0741"
        ],
        "name": "CVE-2016-0741",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-05-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The ReadXWDImage function in coders\\xwd.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted length (number of color-map entries) field in the header of an XWD file."
        ],
        "upstream_fix": "ImageMagick 7.0.5-6, ImageMagick 6.9.8-1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11166\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11166"
        ],
        "name": "CVE-2017-11166",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4881\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4881\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4881",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8690\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8690\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section.",
            "It was found that the QEMU's websocket frame decoder processed incoming frames without limiting resources used to process the header and the payload. An attacker able to access a guest's VNC console could use this flaw to trigger a denial of service on the host by exhausting all available memory and CPU."
        ],
        "statement": "This issue did not affect the kvm and qemu-kvm packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1779\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1779"
        ],
        "name": "CVE-2015-1779",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
            "It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) being returned by those functions. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application."
        ],
        "upstream_fix": "python 3.7.3, python 3.5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9636\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9636\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html"
        ],
        "name": "CVE-2019-9636",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19476\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19476"
        ],
        "name": "CVE-2018-19476",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.",
            "An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qedi/qedi_dbg.c. Here a local attacker with a special user privilege account (or a root) can cause an out-of-bound memory access leading to a system crash or a leak of internal kernel information."
        ],
        "upstream_fix": "kernel 5.1.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15090\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15090"
        ],
        "name": "CVE-2019-15090",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4893\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4893\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers: By using a combination of many requests with maximum sized headers (almost 80 KB per connection), and carefully timed completion of the headers, it is possible to cause the HTTP server to abort from heap allocation failure. Attack potential is mitigated by the use of a load balancer or other proxy layer."
        ],
        "statement": "The nodejs RPMs shipped in Red Hat OpenShift Container Platform (OCP) versions 3.6 through 3.10 are vulnerable to this flaw because they contain the affected code. Later versions of OCP used nodejs RPMs delivered from Red Hat Software Collections and Red Hat Enterprise Linux channels.",
        "upstream_fix": "nodejs 8.14.0, nodejs 11.3.0, nodejs 10.14.0, nodejs 6.15.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12121\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12121"
        ],
        "name": "CVE-2018-12121",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14556\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14556"
        ],
        "name": "CVE-2020-14556",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13077\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13077\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-13077"
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-15T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.",
            "A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."
        ],
        "statement": "Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability CVE-2018-1111 was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.\nRed Hat Enterprise Virtualization 4.1 includes the vulnerable components, but the default configuration is not impacted because NetworkManager is turned off in the Management Appliance, and not used in conjunction with DHCP in the Hypervisor. Customers can still obtain the updated packages from Red Hat Enterprise Linux channels using `yum update`, or upgrade to Red Hat Enterprise Virtualization 4.2, which includes the fixed packages.\nRed Hat Enterprise Virtualization 3.6 is not vulnerable as it does not use DHCP.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1111\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1111\nhttps://access.redhat.com/security/vulnerabilities/3442151"
        ],
        "csaw": true,
        "name": "CVE-2018-1111",
        "mitigation": {
            "value": "Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-674",
        "details": [
            "Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.",
            "A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input."
        ],
        "upstream_fix": "postgresql 9.4.5, postgresql 9.0.23, postgresql 9.3.10, postgresql 9.1.19, postgresql 9.2.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5289\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sushi Anton Larsson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2831\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2831\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-58.html"
        ],
        "name": "CVE-2016-2831",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",
            "A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 realtime kernels.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Miroslav Vadkerti (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8844\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8844"
        ],
        "name": "CVE-2015-8844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Apple Product Security for reporting this issue. Upstream acknowledges Stephan Zeisberg (Security Research Labs) as the original reporter.",
        "upstream_fix": "cups 2.2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8696\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8696"
        ],
        "name": "CVE-2019-8696",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-626->CWE-122",
        "details": [
            "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.",
            "An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5119\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5119"
        ],
        "name": "CVE-2014-5119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712."
        ],
        "upstream_fix": "php 7.0.30, php 7.2.5, php 5.6.36, php 7.1.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10547\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10547"
        ],
        "name": "CVE-2018-10547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-09T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. When reading the APIC configuration page with an unaligned read from the MMIO page, the registers may return stale data from previous requests made by the same processor core to the same configuration page, leading to unauthorized access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21233\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21233\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html"
        ],
        "name": "CVE-2022-21233",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1974\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1974\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-34.html"
        ],
        "name": "CVE-2016-1974",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed."
        ],
        "statement": "A non-standard system configuration (\"networks: file dns\" in /etc/nsswitch.conf) and possibly a DNS spoofing attack is required to exploit this flaw.\nRed Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9402\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9402"
        ],
        "name": "CVE-2014-9402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds write in copyIntoFrameBuffer in ImfMisc.cpp."
        ],
        "upstream_fix": "OpenEXR 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11764\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11764"
        ],
        "name": "CVE-2020-11764",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.",
            "A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3657\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3657"
        ],
        "name": "CVE-2014-3657",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data."
        ],
        "acknowledgement": "Red Hat would like to thank GnuTLS upstream for reporting this issue.",
        "upstream_fix": "libtasn1 3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3467\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3467"
        ],
        "name": "CVE-2014-3467",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.",
            "It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it."
        ],
        "statement": "This issue affects the versions of sssd as shipped with Red Hat Satellite version 6.0. More recent versions of Satellite no longer ship sssd. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "upstream_fix": "sssd 1.16.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12173\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12173"
        ],
        "name": "CVE-2017-12173",
        "mitigation": {
            "value": "It is possible to manually disable credential caching:\n* Stop the sssd service\n* Delete the cache (rm -f /var/lib/sss/db/* /var/log/sssd/*) or manually remove the hashes from the database\n* In the sssd configuration file, change cache_credentials to False for each domain\n* Start the sssd service again\nHowever, tools such as realmd & ipa-client-install might enable credential caching, and should be used with care.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1522\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1522\nhttp://www.talosintel.com/reports/TALOS-2016-0057/\nhttp://www.talosintel.com/reports/TALOS-2016-0060/"
        ],
        "name": "CVE-2016-1522",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/i915-graphics",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0155\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0155\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html"
        ],
        "csaw": true,
        "name": "CVE-2019-0155",
        "mitigation": {
            "value": "Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system however the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article( https://access.redhat.com/solutions/41278 ) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.",
            "It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5292\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5292"
        ],
        "name": "CVE-2015-5292",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",
            "A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call."
        ],
        "upstream_fix": "tomcat 6.0.45, tomcat 7.0.65, tomcat 8.0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5174\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5174\nhttp://seclists.org/bugtraq/2016/Feb/149"
        ],
        "name": "CVE-2015-5174",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.",
            "A stack-based buffer overflow flaw was found in the way objdump processed IHEX files. A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8503\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8503"
        ],
        "name": "CVE-2014-8503",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2431\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2431\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2431",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.",
            "A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn (Google) as the original reporter.",
        "upstream_fix": "samba 4.4.11, samba 4.5.7, samba 4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2619\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2619\nhttps://www.samba.org/samba/security/CVE-2017-2619.html"
        ],
        "name": "CVE-2017-2619",
        "mitigation": {
            "value": "Add the parameter:\nunix extensions = no\nto the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating symlinks on the exported file system using SMB1.\nHowever, if the same region of the file system is also exported using NFS, NFS clients can create symlinks that potentially can also hit the race condition. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB or NFS, not both.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
            "A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Marko Tiikkaja as the original reporter.",
        "upstream_fix": "postgresql 9.1.15, postgresql 9.3.6, postgresql 9.0.19, postgresql 9.4.1, postgresql 9.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0243\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0243\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12379\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12379\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379"
        ],
        "name": "CVE-2018-12379",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5342\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5342"
        ],
        "name": "CVE-2017-5342",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.",
            "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
        "acknowledgement": "Red Hat would like to thank Xiaohan Zhang (Huawei Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2583\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2583"
        ],
        "name": "CVE-2017-2583",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-09-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.",
            "It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8777\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8777"
        ],
        "name": "CVE-2015-8777",
        "mitigation": {
            "value": "The glibc pointer guard is a post-exploitation mitigation mechanism.  As such, it is only relevant if there are exploitable security vulnerabilities in the system.  Therefore, applying available security updates to the system is a possible mitigation for this issue.\nIn typical deployments, environment variables can only be set by users with shell access.  Restricting shell access to trusted users is another possible mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Cobos Álvarez, Jason Kratzer, Jason Orendorff, Karl Tomlinson, Ludovic Hirlimann, Marcia Knous, Nathan Froyd, Oriol Brufau, Randell Jesup, Ronald Crane, Ryan VanderMeulen, Sebastian Hengst, Tyson Smith, and Xidorn Quan as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5089\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5089\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089"
        ],
        "name": "CVE-2018-5089",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5732\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5732\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        ],
        "name": "CVE-2017-5732",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Julian Seward, Karl Tomlinson, Olli Pettay, Sylvestre Ledru, Timothy Nikkel, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2818\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2818\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
        ],
        "name": "CVE-2016-2818",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.",
            "An out of bounds read flaw related to \"graphite2::Pass::readPass\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7771\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7771\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7771",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code.",
            "A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP connections was discovered in rpcbind. A remote, unauthenticated attacker could possibly exploit this flaw to crash the rpcbind service (denial of service) by performing a series of UDP and TCP calls."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7236\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7236"
        ],
        "name": "CVE-2015-7236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.",
            "A race condition was found in the Linux kernel's sound timer code in the snd_timer_user_read() function in the sound/core/timer.c file. An unprivileged attacker can exploit the race condition to cause an out-of-bound access which may lead to a system crash or other unspecified impact.  Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13167\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13167"
        ],
        "name": "CVE-2017-13167",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2582\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2582"
        ],
        "name": "CVE-2018-2582",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",
            "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3427\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3427\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3427",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave."
        ],
        "statement": "This issue did not affect the versions of libsndfile as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of libsndfile as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13139"
        ],
        "name": "CVE-2018-13139",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.",
            "Ghostscript did not honor the -dSAFER option when executing the \"status\" instruction, which can be used to retrieve information such as a file's existence and size. A specially crafted postscript document could use this flow to gain information on the targeted system's filesystem content."
        ],
        "upstream_fix": "ghostcript 9.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11645\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11645"
        ],
        "name": "CVE-2018-11645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.",
            "It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time."
        ],
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0283\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0283"
        ],
        "name": "CVE-2015-0283",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
            "It was found that Pidgin's SSL/TLS plug-ins had a flaw in the certificate validation functionality. An attacker could use this flaw to create a fake certificate, that Pidgin would trust, which could be used to conduct man-in-the-middle attacks against Pidgin."
        ],
        "acknowledgement": "Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Jacob Appelbaum and Moxie Marlinspike as the original reporters.",
        "upstream_fix": "pidgin 2.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3694\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3694"
        ],
        "name": "CVE-2014-3694",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
            "It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases will address this issue.\nPlease note that on x86-64 architecture systems the impact is limited to local Denial of Service and that the ping sockets functionality is disabled by default (net.ipv4.ping_group_range sysctl is \"10\").",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3636\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3636"
        ],
        "name": "CVE-2015-3636",
        "mitigation": {
            "value": "You can check whether ping socket functionality is enabled by examining the net.ipv4.ping_group_range sysctl value:\n~]# sysctl net.ipv4.ping_group_range\nnet.ipv4.ping_group_range = 10\n\"1 0\" is the default value and disables the ping socket functionality even for root user. Any other value means that the ping socket functionality might be enabled for certain users on the system.\nTo mitigate this vulnerability make sure that you either allow the functionality to trusted local users (groups) only or set the net.ipv4.ping_group_range sysctl to the default and disabled state:\n~]# sysctl net.ipv4.ping_group_range=\"1 0\"\nPlease note that this might prevent some programs relying on this functionality from functioning properly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.",
            "A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root."
        ],
        "upstream_fix": "mysql 5.5.52, mysql 5.6.33, mysql 5.7.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6664\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6664\nhttps://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.txt"
        ],
        "name": "CVE-2016-6664",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",
            "A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6,\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 realtime kernels.\nFor additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/ .",
        "acknowledgement": "This issue was discovered by Miroslav Vadkerti (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8845\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8845"
        ],
        "name": "CVE-2015-8845",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15518\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15518"
        ],
        "name": "CVE-2018-15518",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"",
            "A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters."
        ],
        "acknowledgement": "Red Hat would like to thank Aris Adamantiadis for reporting this issue.",
        "upstream_fix": "libssh2 1.7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0787\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0787\nhttp://www.libssh2.org/adv_20160223.html"
        ],
        "name": "CVE-2016-0787",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.9-40, ImageMagick 7.0.7-29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18016\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18016"
        ],
        "name": "CVE-2018-18016",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."
        ],
        "upstream_fix": "thunderbird 60.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5824\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-03/"
        ],
        "name": "CVE-2016-5824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libtiff.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8129\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8129"
        ],
        "name": "CVE-2014-8129",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-282->CWE-200",
        "details": [
            "The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application.",
            "It was discovered that the kernel-invoked coredump processor provided by ABRT wrote core dumps to files owned by other system users. This could result in information disclosure if an application crashed while its current directory was a directory writable to by other users (such as /tmp)."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3142\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3142"
        ],
        "name": "CVE-2015-3142",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.",
            "It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one."
        ],
        "statement": "This issue did not affect the versions of zsh as shipped with Red Hat Enterprise Linux 5 as scripts were directly handled by the kernel and not special-handled by zsh itself.",
        "upstream_fix": "zsh 5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13259\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13259\nhttp://www.zsh.org/mla/zsh-announce/136"
        ],
        "name": "CVE-2018-13259",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.",
            "A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN.   A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact as eBPF requires a privileged user on Red Hat Enterprise Linux to correctly load eBPF instructions that can be exploited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29154\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29154"
        ],
        "name": "CVE-2021-29154",
        "mitigation": {
            "value": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n# echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2755\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2755"
        ],
        "name": "CVE-2020-2755",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7784\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7784\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7784"
        ],
        "name": "CVE-2017-7784",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer."
        ],
        "upstream_fix": "mariadb 10.0.23, mariadb 5.5.47, mariadb 10.1.10, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0616\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0616\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0616",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2012-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2012-5615\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5615"
        ],
        "name": "CVE-2012-5615",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8784\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8784"
        ],
        "name": "CVE-2015-8784",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.4",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.",
            "It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to \"off\", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information."
        ],
        "statement": "This issue did not affect the versions of 389-ds-base as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "This issue was discovered by Ludwig Krispenz (Red Hat Identity Management Engineering Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8112\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8112"
        ],
        "name": "CVE-2014-8112",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.",
            "Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC)."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5370\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5370\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2015-5370",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-348",
        "details": [
            "The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.",
            "It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
        "upstream_fix": "Subversion 1.7.20, Subversion 1.8.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0251\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0251\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt"
        ],
        "name": "CVE-2015-0251",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-267",
        "details": [
            "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.",
            "A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Tobias Stöckmann for reporting this issue.",
        "upstream_fix": "util-linux 2.32.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2616\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2616"
        ],
        "name": "CVE-2017-2616",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5433\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5433\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5433"
        ],
        "name": "CVE-2017-5433",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Vytautas Staraitis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7196\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-130.html"
        ],
        "name": "CVE-2015-7196",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-16T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.",
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
        ],
        "statement": "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview, and is therefore unsupported for production use. For additional details please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.",
        "acknowledgement": "This issue was discovered by Maxim Levitsky (Red Hat) and Paolo Bonzini (Red Hat).",
        "upstream_fix": "kernel 5.14-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3656\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3656\nhttps://www.openwall.com/lists/oss-security/2021/08/16/1"
        ],
        "name": "CVE-2021-3656",
        "mitigation": {
            "value": "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```\nDisabling VLS (Virtual VMLOAD/VMSAVE) is an alternative mitigation:\n```\n# modprobe kvm_amd vls=0\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12396\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396"
        ],
        "name": "CVE-2018-12396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1790\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1790"
        ],
        "name": "CVE-2015-1790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.",
            "An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Armin Razmdjou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0822\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0822\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-24"
        ],
        "name": "CVE-2015-0822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.",
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."
        ],
        "statement": "This issue affects the versions of pkicore as shipped with Red Hat Certificate System 9. Red Hat Product Security has rated this issue as having security impact of Low. Please also note that all instances of \"authz.evaluateOrder\" are set to \"deny,allow\" by default. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "upstream_fix": "PKI 10.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1080"
        ],
        "name": "CVE-2018-1080",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges."
        ],
        "statement": "This flaw has a lower impact on Red Hat Enterprise Linux because the ntfs-3g tool is run in a supermin appliance, which is similar to a virtual machine instantiated on the fly, and it does not have the SUID bit set. Thus an attacker is very limited on what he can do to the vulnerable system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9755\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9755\nhttps://www.debian.org/security/2019/dsa-4413"
        ],
        "name": "CVE-2019-9755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.",
            "A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7207\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7207"
        ],
        "name": "CVE-2017-7207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
            "A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zurich) and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29901\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29901\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html"
        ],
        "name": "CVE-2022-29901",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The build_expert_data function in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue affects the verison of wireshark as shipped with Red Hat Enterprsie Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "upstream_fix": "wireshark 1.10.11, wireshark 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8712\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8712\nhttps://www.wireshark.org/security/wnpa-sec-2014-22.html"
        ],
        "name": "CVE-2014-8712",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.",
            "A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9064\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9064\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-9064",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.",
            "A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges."
        ],
        "statement": "This issue did not affect the versions of samba or samba3x as shipped with Red Hat Enterprise Linux 5, and the versions of samba as shipped with Red Hat Enterprise Linux 6, as it only affected Samba 4.0.0 and higher.",
        "upstream_fix": "samba 4.1.11, samba 4.0.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3560\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3560\nhttps://www.samba.org/samba/security/CVE-2014-3560"
        ],
        "name": "CVE-2014-3560",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.",
            "A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash."
        ],
        "statement": "This issue does not affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3216\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3216"
        ],
        "name": "CVE-2015-3216",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843->(CWE-125|CWE-787)",
        "details": [
            "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith via Beyond Security's SecuriTeam Secure Disclosure program, Niklas Baumstark, and Samuel Groß as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12386\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386"
        ],
        "name": "CVE-2018-12386",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.",
            "A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel."
        ],
        "statement": "This issue did not affect the versions of the kernel as shipped\nwith Red Hat Enterprise Linux 4, 5, and 6.\nThis issue affects the versions of the Linux as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low  security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-7421\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7421"
        ],
        "name": "CVE-2013-7421",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-269",
        "details": [
            "A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16838\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16838"
        ],
        "name": "CVE-2018-16838",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11713\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11713\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713"
        ],
        "name": "CVE-2019-11713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
            "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences."
        ],
        "statement": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "drupal 7.66, jquery 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11358\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://www.drupal.org/sa-core-2019-006"
        ],
        "name": "CVE-2019-11358",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges."
        ],
        "upstream_fix": "mariadb 5.5.42, mariadb 10.0.17, mysql 5.6.23, mysql 5.5.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2568\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2568\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-2568",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Byron Campen as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12420\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12420\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420"
        ],
        "name": "CVE-2020-12420",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-122->CWE-787",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.",
            "An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. This flaw allows a remote, unauthenticated, attacker running an RDP server, or a local attacker, using a specially crafted certificate, to cause an out-of-bounds write into client process memory, corrupting the integrity of the data used in the RSA encryption functionality, or causing a denial of service."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13398\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13398"
        ],
        "name": "CVE-2020-13398",
        "mitigation": {
            "value": "To mitigate this flaw, only make connection attempts to trusted RDP servers from the RDP client application.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9210\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9210"
        ],
        "name": "CVE-2019-9210",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF."
        ],
        "upstream_fix": "mariadb 10.1.10, mariadb 5.5.47, mariadb 10.0.23, mysql 5.7.10, mysql 5.6.28, mysql 5.5.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0608\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0608\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0608",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4480\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4480",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages \"type confusion.\""
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5263\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5263\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-78.html"
        ],
        "name": "CVE-2016-5263",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8386\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8386"
        ],
        "name": "CVE-2015-8386",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.",
            "A heap-based buffer overflow flaw was found in cpio's list_file() function. An attacker could provide a specially crafted archive that, when processed by cpio, would crash cpio, or potentially lead to arbitrary code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9112\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9112"
        ],
        "name": "CVE-2014-9112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4655\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4655"
        ],
        "name": "CVE-2014-4655",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7779\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7779\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7779"
        ],
        "name": "CVE-2017-7779",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8096\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8096\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability."
        ],
        "statement": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1303\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1303"
        ],
        "name": "CVE-2018-1303",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile (%pipe%\" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.",
            "It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8291\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8291"
        ],
        "name": "CVE-2017-8291",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.",
            "A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4809\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4809"
        ],
        "name": "CVE-2016-4809",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
            "A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in drivers/usb/core/usb.c, which mishandles a size check during the reading of extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a privilege escalation or trigger a system crash or lock up and thus cause a denial of service (DoS)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20169\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20169"
        ],
        "name": "CVE-2018-20169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3613\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3613\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-authenticated-variable-bypass.html"
        ],
        "name": "CVE-2018-3613",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.",
            "A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0477\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0477",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2987\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2987"
        ],
        "name": "CVE-2019-2987",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.",
            "An out of bounds read vulnerability was found in libevent in the search_make_new function. If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10197\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10197"
        ],
        "name": "CVE-2016-10197",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-636|CWE-757)",
        "details": [
            "The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the \"POODLE\" issue.",
            "A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections."
        ],
        "statement": "This issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1.\nThis issue affects the version of nss as shipped with Red Hat Enterprise Linux 5, 6 and 7.\nAdditional information can be found in the Red Hat Knowledgebase article: \nhttps://access.redhat.com/articles/1232123",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3566\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3566"
        ],
        "csaw": true,
        "name": "CVE-2014-3566"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-416",
        "details": [
            "sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format."
        ],
        "upstream_fix": "libreoffice 6.0.1.1, libreoffice 5.4.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10119\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10119\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/"
        ],
        "name": "CVE-2018-10119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.",
            "It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information."
        ],
        "acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5416\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5416"
        ],
        "name": "CVE-2016-5416",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An issue was discovered in amqp_handle_input in amqp_connection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTION_STATE_HEADER. A rogue server could return a malicious frame header that leads to a smaller target_size value than needed. This condition is then carried on to a memcpy function that copies too much data into a heap buffer."
        ],
        "upstream_fix": "librabbitmq 0.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18609\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18609"
        ],
        "name": "CVE-2019-18609",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5184\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5184\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184"
        ],
        "name": "CVE-2018-5184",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",
            "It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful exploitation, this issue has been rated as having Moderate security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10009\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10009\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10009",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2793\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2793\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and tif_rawcp members. Reported as MSVR 35095, aka \"TIFFFlushData1 heap-buffer-overflow.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9534\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9534"
        ],
        "name": "CVE-2016-9534",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7175\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7175\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7175",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.",
            "Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6055\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6055"
        ],
        "name": "CVE-2014-6055",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.",
            "A vulnerability was found in libevent with the parsing of DNS requests and replies. An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10195\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10195"
        ],
        "name": "CVE-2016-10195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly."
        ],
        "upstream_fix": "spamassassin 3.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12420\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12420"
        ],
        "name": "CVE-2019-12420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
            "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8370\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8370\nhttp://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
        ],
        "name": "CVE-2015-8370",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer."
        ],
        "upstream_fix": "jasper 1.900.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9391\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9391"
        ],
        "name": "CVE-2016-9391",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-776",
        "details": [
            "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "jruby 1.7.16.1, ruby 2.0.0-p594, ruby 1.9.3-p550, ruby 2.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8080\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8080\nhttps://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"
        ],
        "name": "CVE-2014-8080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "ImageMagick before 7.0.8-50 has a \"use of uninitialized value\" vulnerability in the function ReadCUTImage in coders/cut.c."
        ],
        "upstream_fix": "ImageMagick 6.9.10-50, ImageMagick 7.0.8-50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13135\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13135"
        ],
        "name": "CVE-2019-13135",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2740\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2740\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2740",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file.",
            "It was discovered that the default event handling scripts installed by ABRT did not handle symbolic links correctly. A local attacker with write access to an ABRT problem directory could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1869\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1869"
        ],
        "name": "CVE-2015-1869",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.",
            "It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2111\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2111\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gareth Heyes as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11763\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763"
        ],
        "name": "CVE-2019-11763",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.13, mariadb 10.1.31, mariadb 10.0.34, mariadb 5.5.59, mysql 5.5.59, mysql 5.6.39, mysql 5.7.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2668\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2668\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        ],
        "name": "CVE-2018-2668",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8764\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8764\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.4.9, mariadb 5.5.66, mariadb 10.1.42, mariadb 10.2.28, mariadb 10.3.19, mysql 5.6.46, mysql 8.0.18, mysql 5.7.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2974\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2974\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        ],
        "name": "CVE-2019-2974",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats."
        ],
        "statement": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates.\nRed Hat Virtualization includes a vulnerable version of ruby, however the affected functionality is not used in Red Hat Virtualization or any of its dependencies. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16396\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16396\nhttps://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"
        ],
        "name": "CVE-2018-16396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.",
            "It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions."
        ],
        "statement": "This issue does not affect the current php and php53 packages in Red Hat Enterprise Linux 5 and 6, as it was previously corrected as part of the fix for CVE-2006-7243.",
        "upstream_fix": "php 5.4.32, php 5.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5120\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5120"
        ],
        "name": "CVE-2014-5120",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.",
            "A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in \"Test Mode.\" A kernel memory leak can occur if an error condition is met during the parameter negotiation. This issue can lead to a denial of service if repeated connection attempts meet these error conditions multiple times."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20095\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20095"
        ],
        "name": "CVE-2019-20095",
        "mitigation": {
            "value": "As connecting to a wireless device is not automatic and initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843->CWE-822->CWE-201",
        "details": [
            "The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a \"type confusion\" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.",
            "A type confusion issue was found in PHP's phpinfo() function. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "statement": "Red Hat classifies this as a security issue, however it is suggested that a properly secured PHP install should disable the phpinfo() function.",
        "upstream_fix": "php 5.5.14, php 5.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4721\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4721"
        ],
        "name": "CVE-2014-4721",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).",
            "It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions() and XGetFontPath() functions to produce an invalid list of elements that in turn make XFreeExtensionsList() and XFreeFontPath() access invalid memory. An attacker who can either configure a malicious X server or modify the data coming from one, could use this flaw to crash the application using libX11, resulting in a denial of service."
        ],
        "statement": "This issue did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.\nTo exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server run on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he already has full control of the system. If the X client runs on a different system than the X server (e.g. the DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only crash the client, which should not be run with high privileges. For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14598\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14598"
        ],
        "name": "CVE-2018-14598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows \"Infinite loop and memory exhaustion with 'concat' attributes\" and a denial of service.",
            "A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10985\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10985\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10985",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12397\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12397\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397"
        ],
        "name": "CVE-2018-12397",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
            "A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process."
        ],
        "acknowledgement": "Red Hat would like to thank Kurtis Miller (nccgroup.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20815\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20815"
        ],
        "name": "CVE-2018-20815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.",
            "It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5388\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5388"
        ],
        "name": "CVE-2016-5388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.",
            "A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7472\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7472"
        ],
        "name": "CVE-2017-7472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",
            "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel resulting in the denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski and Nick Peterson (Everdox Tech LLC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8897\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8897\nhttps://access.redhat.com/security/vulnerabilities/pop_ss"
        ],
        "csaw": true,
        "name": "CVE-2018-8897"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response.",
            "A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon."
        ],
        "acknowledgement": "Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Richard Johnson (Cisco Talos) and Yves Younan (Cisco Talos) as the original reporters.",
        "upstream_fix": "pidgin 2.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3695\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3695"
        ],
        "name": "CVE-2014-3695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7929\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7929"
        ],
        "name": "CVE-2016-7929",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass the password through the command line, leaking it via command history and process info to other local users.",
            "In keycloak-httpd-client-install prior to version 0.8, the admin password could be provided through a command-line argument. This might result in the password being leaked through shell history, or becoming visible to a local attacker at the time the program is running."
        ],
        "statement": "Red Hat Product Security has rated this issue as having security impact of Low. This issue may be fixed in a future version of Red Hat Enterprise Linux.\nOpenStack users please note, this issue is present in:\n* Red Hat OpenStack Platform 9.0 (Mitaka)\n* Red Hat OpenStack Platform 10.0 (Newton) \n* Red Hat OpenStack Platform 11.0 (Ocata)\nIf a fixed version of keycloak-httpd-client-install is made available in Red Hat Enterprise Linux, OpenStack customers should consume this package directly from the Red Hat Enterprise Linux channel (this occurs during normal updates).",
        "upstream_fix": "keycloak 0.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15112\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15112"
        ],
        "name": "CVE-2017-15112",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2799\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2799\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2799",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
            "A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "kernel 3.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-42739\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42739\nhttps://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/"
        ],
        "name": "CVE-2021-42739",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module firedtv from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-31T13:42:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.",
            "It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10181\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10181"
        ],
        "name": "CVE-2019-10181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.",
            "It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0272\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0272"
        ],
        "name": "CVE-2015-0272",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.",
            "It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections 3. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.3.5, ruby 2.2.8, ruby 2.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10784\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10784\nhttps://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"
        ],
        "name": "CVE-2017-10784",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-130->CWE-125",
        "details": [
            "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4341\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4341"
        ],
        "name": "CVE-2014-4341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was discovered in Mozilla Firefox and Thunderbird where a fixed-stack buffer overflow could occur during WebRTC signalling. The vulnerability could lead to an exploitable crash or leak data."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11760\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11760\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760"
        ],
        "name": "CVE-2019-11760",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7575\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7575"
        ],
        "name": "CVE-2019-7575",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3426\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3426\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3426",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",
            "A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso and Javier Marcos as the original reporters.",
        "upstream_fix": "firefox 68.6.1, firefox 74.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6819\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819"
        ],
        "name": "CVE-2020-6819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.",
            "A heap buffer overflow flaw was found in the enchant_broker_request_dict() function of PHP's enchant extension. A specially crafted tag input could possibly cause a PHP application to crash."
        ],
        "upstream_fix": "php 5.5.22, php 5.6.6, php 5.4.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9705\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9705"
        ],
        "name": "CVE-2014-9705",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite arbitrary files via a symlink attack on /tmp/unpack.log."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1876\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1876\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-1876",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.",
            "It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
        ],
        "acknowledgement": "This issue was discovered by Liam Campbell (Red Hat).",
        "upstream_fix": "ipa 4.3.3, ipa 4.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9575\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9575"
        ],
        "name": "CVE-2016-9575",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.",
            "A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service."
        ],
        "upstream_fix": "libvirt 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3840\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3840"
        ],
        "name": "CVE-2019-3840",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20098\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20098"
        ],
        "name": "CVE-2018-20098",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution."
        ],
        "statement": "This vulnerability affected the glibc package on Red Hat Enterprise Linux 7.4, however it can only be exploited when mount namespaces owned by user namespaces are enabled, which requires manually configuring a kernel parameter and sysctl that are not enabled by default. Please see the Bugzilla link for more details.\nThis vulnerability affects glibc on Red Hat Enterprise Linux 6. However the kernel included in Red Hat Enterprise Linux 6 does not violate glibc's assumption about the behaviour of getcwd(), so this vulnerability cannot be exploited when running with the default kernel. Red Hat Enterprise Linux 6 containers may be vulnerable when running on a host with kernel 2.6.36 or greater.",
        "acknowledgement": "Red Hat would like to thank halfdog for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000001\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000001"
        ],
        "name": "CVE-2018-1000001",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c."
        ],
        "statement": "This issue affects the versions of libtiff as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18661\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18661"
        ],
        "name": "CVE-2018-18661",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8803\nhttps://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html"
        ],
        "name": "CVE-2015-8803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",
            "It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2602"
        ],
        "name": "CVE-2018-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.",
            "It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests."
        ],
        "upstream_fix": "tomcat 7.0.47, tomcat 8.0.0-rc3, tomcat 6.0.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4286\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4286"
        ],
        "name": "CVE-2013-4286",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",
            "A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Siva Kakarla as the original reporter.",
        "upstream_fix": "bind 9.11.30, bind 9.16.14, bind 9.17.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25215\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25215\nhttps://kb.isc.org/docs/cve-2021-25215"
        ],
        "name": "CVE-2021-25215",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2422\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2422"
        ],
        "name": "CVE-2019-2422",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A boundary error within the \"quicktake_100_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.",
            "LibRaw is vulnerable to stack-based buffer overflow in internal/dcraw_common.cpp:quicktake_100_load_raw() function when processing specially-crafted RAW data. An attacker could potentially use this flaw to cause an arbitrary code execution or denial of service."
        ],
        "statement": "This issue did not affect the versions of dcraw as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.\nThis issue affects the versions of dcraw as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "LibRaw 0.18.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5805\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5805"
        ],
        "name": "CVE-2018-5805",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0452\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0452\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0452",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.",
            "An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7568\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7568"
        ],
        "name": "CVE-2018-7568",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
            "A flaw was found in the Linux kernel’s implementation of wireless drivers for the Intel PROset wireless hardware. This flaw allows an unauthorized attacker within the wireless radio range to cause the driver and the system to disconnect from the wireless network, triggering the operating system to lose network connectivity while the system is not connected. The highest threat from this vulnerability is system availability."
        ],
        "upstream_fix": "kernel 5.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0136\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0136"
        ],
        "name": "CVE-2019-0136",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2005-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-1080"
        ],
        "name": "CVE-2005-1080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-602|CWE-829)",
        "details": [
            "The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion."
        ],
        "upstream_fix": "unoconv 0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17400\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17400"
        ],
        "name": "CVE-2019-17400",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.",
            "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7942\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7942"
        ],
        "name": "CVE-2015-7942",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7177\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7177\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        ],
        "statement": "1. For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed:\n- The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n- the attacker has to be a MITM\n- the attacker has to be able to control the client side to send requests to the buggy server on demand",
        "upstream_fix": "openssl 1.0.2r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1559\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\nhttps://www.openssl.org/news/secadv/20190226.txt"
        ],
        "name": "CVE-2019-1559",
        "mitigation": {
            "value": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253->CWE-476",
        "details": [
            "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.",
            "A flaw was found in the Linux kernel’s implementation of Extended Display Identification Data (EDID) technology. A firmware identifier string is duplicated with the kstrdup function, and the allocation may fail under very low memory conditions. An attacker could abuse this flaw by causing a Denial of Service and crashing the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12382\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12382"
        ],
        "name": "CVE-2019-12382",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An integer overflow in path handling led to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 60.5.1, firefox ESR 60.5.1, firefox 65.0.1, chromium-browser 71.0.3578.80",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18356\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18356\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356"
        ],
        "name": "CVE-2018-18356",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.",
            "A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application."
        ],
        "upstream_fix": "tomcat 7.0.76, tomcat 8.0.42, tomcat 8.5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5648\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5648"
        ],
        "name": "CVE-2017-5648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.",
            "It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15594\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15594"
        ],
        "name": "CVE-2018-15594",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.",
            "An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16597\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16597"
        ],
        "name": "CVE-2018-16597",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.",
            "It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5118\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5118"
        ],
        "name": "CVE-2016-5118",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10958\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10958"
        ],
        "name": "CVE-2018-10958",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5159\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5159\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159"
        ],
        "name": "CVE-2018-5159",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.",
            "An out-of-bounds kernel heap access vulnerability was found in xfrm, the kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. In a default or common use of Red Hat Enterprise Linux 7 and MRG-2 this issue does not allow an unprivileged local or remote user to elevate their privileges on the system.\nIn order to exploit this issue the attacker needs CAP_NET_ADMIN capability, which needs to be granted especially by the administrator to the attacker's process. This in turn requires granting CAP_NET_ADMIN capability to the process' binary and/or attacker's account.\nAnother possibility to obtain CAP_NET_ADMIN capability in Red Hat Enterprise Linux 7 for an attacker is running a process inside a user+network namespace with mapped root privileges inside the namespace. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local or remote unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges.\nGiven the severity of this issue, future Linux kernel updates for the Red Hat Enterprise Linux 7 and MRG-2 products are planned to address it.",
        "acknowledgement": "Red Hat would like to thank Chaitin Security Research Lab for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7184\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7184"
        ],
        "name": "CVE-2017-7184",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401->CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",
            "A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12770\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12770"
        ],
        "name": "CVE-2020-12770",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-12T05:40:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.",
            "A flaw was found in the Linux kernel's loose validation of child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Zabrocki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12826\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12826\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da\nhttps://lists.openwall.net/linux-kernel/2020/03/24/1803\nhttps://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
        ],
        "name": "CVE-2020-12826",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",
            "An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine."
        ],
        "statement": "OpenShift Container Platform (OCP) source-to-image uses the git client packaged with the OCP container images. Since RHEL7 and its associated images are impacted, source-to-image is also impacted. The atomic-openshift package running on the masters controls the code that determines the source-to-image build image in use, therefore a cluster update is required to patch this issue. Full instructions will be provided in Security Errata provided for this issue.\nIn OCP 3.6 and earlier, source-to-image executes in a privileged container on the node. Therefore the severity of this CVE is important for these versions. OCP 3.7 and later execute source-to-image git pulls in an unprivileged init container.",
        "upstream_fix": "git 2.17.2, git 2.15.3, git 2.18.1, git 2.19.1, git 2.14.5, git 2.16.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17456\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17456"
        ],
        "name": "CVE-2018-17456",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.",
            "It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve the directory server password after many tries."
        ],
        "acknowledgement": "This issue was discovered by William Brown (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5405\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5405"
        ],
        "name": "CVE-2016-5405",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2791\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2791\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2791",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation."
        ],
        "statement": "This issue does not affect the version of the thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0818\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0818\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-28"
        ],
        "name": "CVE-2015-0818",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
            "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8743\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8743\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-8743",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8535\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8535"
        ],
        "name": "CVE-2019-8535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.",
            "A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification."
        ],
        "statement": "This issue does NOT affect the version of the OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1792\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1792"
        ],
        "name": "CVE-2015-1792",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted file.",
            "An out-of-bounds read flaw was found in the way the file utility processed certain Pascal strings. A remote attacker could cause an application using the file utility (for example, PHP using the fileinfo module) to crash if it was used to identify the type of the attacker-supplied file."
        ],
        "upstream_fix": "file 5.21, php 5.5.21, php 5.4.37, php 5.6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9652\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9652"
        ],
        "name": "CVE-2014-9652",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments.",
            "A use-after-free flaw was found in the way PHP handled certain Standard PHP Library (SPL) Iterators. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "php 5.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4670\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4670"
        ],
        "name": "CVE-2014-4670",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Georg Koppen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5252\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5252\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-67.html"
        ],
        "name": "CVE-2016-5252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2684\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2684"
        ],
        "name": "CVE-2019-2684",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session."
        ],
        "statement": "This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "upstream_fix": "Wireshark 1.12.3, Wireshark 1.10.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0564\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0564\nhttps://www.wireshark.org/security/wnpa-sec-2015-05.html"
        ],
        "name": "CVE-2015-0564",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in tif_print.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 when using the tiffinfo tool to print crafted TIFF information, a different vulnerability than CVE-2017-18013. (This affects an earlier part of the TIFFPrintDirectory function that was not addressed by the CVE-2017-18013 patch.)"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7456\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7456"
        ],
        "name": "CVE-2018-7456",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication."
        ],
        "upstream_fix": "mariadb 10.0.24, mariadb 10.1.12, mariadb 5.5.48, mysql 5.5.48, mysql 5.7.11, mysql 5.6.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0650\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0650\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12126\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12126"
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp."
        ],
        "statement": "This issue affects the versions of qt5-qtsvg and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19869\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19869"
        ],
        "name": "CVE-2018-19869",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",
            "A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas as the original reporter.",
        "upstream_fix": "postgresql 9.2.18, postgresql 9.5.4, postgresql 9.1.23, postgresql 9.4.9, postgresql 9.3.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5423\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5423"
        ],
        "name": "CVE-2016-5423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1835\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1835"
        ],
        "name": "CVE-2016-1835",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-03-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.",
            "A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file."
        ],
        "upstream_fix": "php 5.4.32, php 5.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2497\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2497"
        ],
        "name": "CVE-2014-2497",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Andreea Pavel, Anne van Kesteren, Aral Yaman, Bob Clary, Chun-Min Chang, Gary Kwong, Jonathan Kew, and Masayuki Nakano as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9788\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9788\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9788"
        ],
        "name": "CVE-2019-9788",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."
        ],
        "upstream_fix": "mariadb 5.5.54, mariadb 10.0.29, mariadb 10.1.21, mysql 5.5.54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3243\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3243\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2781\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2781"
        ],
        "name": "CVE-2020-2781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.",
            "Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9588\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9588"
        ],
        "name": "CVE-2016-9588",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.",
            "It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5195\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5195"
        ],
        "name": "CVE-2015-5195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice.",
            "It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7978\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7978"
        ],
        "name": "CVE-2016-7978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11047\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11047"
        ],
        "name": "CVE-2020-11047",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.",
            "A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1791\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1791"
        ],
        "name": "CVE-2015-1791",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16393\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16393\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16393",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.4",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-201",
        "details": [
            "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.",
            "A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request."
        ],
        "statement": "This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the version of samba4 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having Low security impact, a future update may address this flaw.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Christof Schmitt as the original reporter.",
        "upstream_fix": "samba 4.1.8, samba 4.0.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0178\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0178\nhttp://www.samba.org/samba/security/CVE-2014-0178"
        ],
        "name": "CVE-2014-0178",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-304",
        "details": [
            "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.",
            "It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks."
        ],
        "statement": "This issue does not affect the default OpenSSH sshd configuration in Red Hat Enterprise Linux 4, 5, 6 and 7.",
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5600\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5600\nhttps://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/"
        ],
        "name": "CVE-2015-5600",
        "mitigation": {
            "value": "This issue can be mitigated by disabling the keyboard-interactive authentication method. That can be achieved by setting \"ChallengeResponseAuthentication no\" in the /etc/ssh/sshd_config configuration file and restarting the sshd service.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact, because the bug can be triggered only if the PPP protocol is enabled.",
        "acknowledgement": "Red Hat would like to thank ChenNan Of Chaitin (Security Research Lab) for reporting this issue.",
        "upstream_fix": "Linux kernel 5.9-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25643\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25643\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105"
        ],
        "name": "CVE-2020-25643",
        "mitigation": {
            "value": "To mitigate this issue, prevent modules hdlc_ppp, syncppp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif."
        ],
        "statement": "Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw in libtiff.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1547\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1547"
        ],
        "name": "CVE-2015-1547",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "An issue was discovered in Artifex Ghostscript before 9.26. LockSafetyParams is not checked correctly if another device is used."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19409\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19409"
        ],
        "name": "CVE-2018-19409",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a \"type confusion\" issue.",
            "A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "php 5.4.39, php 5.5.23, php 5.6.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4147\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4147"
        ],
        "name": "CVE-2015-4147",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In systemd prior to 234, a race condition exists between .mount and .automount units such that automount requests from the kernel may not be serviced by systemd, resulting in the kernel holding the mountpoint, and any processes that try to use said mount will hang. A race condition like this may lead to denial of service until mount points are unmounted.",
            "A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service."
        ],
        "upstream_fix": "systemd 234",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1049\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1049"
        ],
        "name": "CVE-2018-1049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7985\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7985"
        ],
        "name": "CVE-2016-7985",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5073\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5073"
        ],
        "name": "CVE-2015-5073",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7983\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7983"
        ],
        "name": "CVE-2016-7983",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2796\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2796"
        ],
        "name": "CVE-2018-2796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0451\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0451\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0451",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-129",
        "details": [
            "An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).",
            "A memory corruption flaw was found in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service."
        ],
        "upstream_fix": "Kernel 6.3-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-38409\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38409\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d"
        ],
        "name": "CVE-2023-38409",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module \"fbcon\" onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4653"
        ],
        "name": "CVE-2014-4653",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.",
            "A shell command injection flaw related to the handling of \"ssh\" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a \"checkout\" or \"update\" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit."
        ],
        "acknowledgement": "Red Hat would like to thank the Subversion Team for reporting this issue.",
        "upstream_fix": "mercurial 4.3, mercurial 4.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000116\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
        ],
        "name": "CVE-2017-1000116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.65, mariadb 10.4.7, mariadb 10.2.26, mariadb 10.3.17, mariadb 10.1.41, mysql 5.7.27, mysql 8.0.17, mysql 5.6.45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2740\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2740\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        ],
        "name": "CVE-2019-2740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.",
            "It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2741\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2741\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-67.html"
        ],
        "name": "CVE-2015-2741",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the Enter key within a text input field. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12374\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12374"
        ],
        "name": "CVE-2018-12374",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.",
            "A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank CERT/CC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1159\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1159"
        ],
        "name": "CVE-2015-1159",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
        ],
        "statement": "This issue affects the versions of openssh as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 (versions 7.3 and earlier).  For Red Hat Enterprise Linux 7 (versions 7.4 and later), this issue was fixed by the Security Advisory RHSA-2017:2029. For Red Hat Enterprise Linux 6, Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10708\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10708"
        ],
        "name": "CVE-2016-10708",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.",
            "It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 because we do not provide support for Atheros 9k wireless network adapters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2672\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2672"
        ],
        "name": "CVE-2014-2672",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4868\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4868\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
            "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest.  A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14625\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14625"
        ],
        "name": "CVE-2018-14625",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3136"
        ],
        "name": "CVE-2018-3136",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.",
            "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17972\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17972"
        ],
        "name": "CVE-2018-17972",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20099\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20099"
        ],
        "name": "CVE-2018-20099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-29T04:41:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287->CWE-306",
        "details": [
            "It was found that nmcli, a command line interface to NetworkManager, did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.",
            "A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an insecure connection occurs."
        ],
        "upstream_fix": "NetworkManager 1.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10754\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10754"
        ],
        "name": "CVE-2020-10754",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
            "A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6210\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6210"
        ],
        "name": "CVE-2016-6210",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8684\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8684\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8684",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9242\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9242"
        ],
        "name": "CVE-2017-9242",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2590"
        ],
        "name": "CVE-2020-2590",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-6371\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6371"
        ],
        "name": "CVE-2013-6371",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-122",
        "details": [
            "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
            "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the \"apache\" user."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0226\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0226\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0226",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10372\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10372"
        ],
        "name": "CVE-2018-10372",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7798\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7798\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798"
        ],
        "name": "CVE-2017-7798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.",
            "A flaw was found in grub2 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow, leading to a zero-sized memory allocation with a subsequent heap-based buffer overflow. The highest threat from this vulnerability is to integrity and system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security Team) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14311\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14311"
        ],
        "name": "CVE-2020-14311",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",
            "It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0475\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0475\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0475",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2754\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2754"
        ],
        "name": "CVE-2020-2754",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18073\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18073"
        ],
        "name": "CVE-2018-18073",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509: https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.",
            "A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure (sb->s_fs_info) may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who is able to groom memory to place an attacker-controlled data structure in this location and create a use-after-free situation which can result in memory corruption or privilege escalation."
        ],
        "statement": "Red Hat Enterprise Linux 7.6.z had fixed this flaw mid release without it being recognised as a CVE. Prior releases of Red Hat Enterprise Linux EUS/AUS will still require the fix to be secure. Trackers have been made and fixes will be available as part of the standard release cycle.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20976\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20976"
        ],
        "name": "CVE-2018-20976",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.",
            "It was found that the OAuth implementation in librest, a helper library for RESTful services, incorrectly truncated the pointer returned by the rest_proxy_call_get_url call. An attacker could use this flaw to crash an application using the librest library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2675\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2675"
        ],
        "name": "CVE-2015-2675",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19535\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19535"
        ],
        "name": "CVE-2018-19535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
            "It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1000110\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000110"
        ],
        "name": "CVE-2016-1000110",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.",
            "It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository."
        ],
        "acknowledgement": "Red Hat would like to thank Blake Burkhart for reporting this issue.",
        "upstream_fix": "mercurial 3.7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3069\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3069\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29"
        ],
        "name": "CVE-2016-3069",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9819\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819"
        ],
        "name": "CVE-2019-9819",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tsubasa Iinuma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7214\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7214\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-149.html"
        ],
        "name": "CVE-2015-7214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.",
            "A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or possible code execution."
        ],
        "acknowledgement": "This issue was discovered by Doran Moppert (Red Hat Product Security).",
        "upstream_fix": "openjpeg 1.5.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9675\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9675\nhttp://seclists.org/oss-sec/2016/q3/624"
        ],
        "name": "CVE-2016-9675",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-125",
        "details": [
            "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9664\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9664"
        ],
        "name": "CVE-2014-9664",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles \"..\" directory traversal in a mailbox name."
        ],
        "upstream_fix": "mutt 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14355\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14355"
        ],
        "name": "CVE-2018-14355",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.",
            "A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind."
        ],
        "upstream_fix": "krb5 1.11.6, krb5 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4345\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4345\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt"
        ],
        "name": "CVE-2014-4345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote attackers to cause a denial of service (performance degradation) by triggering many file_printf calls.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "upstream_fix": "php 5.4.29, php 5.5.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0237\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0237"
        ],
        "name": "CVE-2014-0237",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Byron Campen, Carsten Book, Christoph Diehl, Dan Minor, Jon Coppeard, Mozilla developers, Philipp, Steve Fink, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5257\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5257\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5257",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.",
            "It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.10, ruby 2.3.7, ruby 2.5.1, ruby 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6914\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6914\nhttps://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/"
        ],
        "name": "CVE-2018-6914",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.",
            "It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9278\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9278"
        ],
        "name": "CVE-2014-9278",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.",
            "An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system."
        ],
        "upstream_fix": "exiv2 0.27.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17402\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17402"
        ],
        "name": "CVE-2019-17402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8594\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8594\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8594",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
        ],
        "upstream_fix": "mariadb 5.5.54, mariadb 10.1.21, mariadb 10.0.29, mysql 5.5.54, mysql 5.6.35, mysql 5.7.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3258\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3258\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3258",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.",
            "It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0205\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0205",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3856\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3856\nhttps://www.libssh2.org/CVE-2019-3856.html"
        ],
        "name": "CVE-2019-3856",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5161\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5161\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161"
        ],
        "name": "CVE-2018-5161",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, when running with logger set to \"WLOG_TRACE\", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11019\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11019"
        ],
        "name": "CVE-2020-11019",
        "mitigation": {
            "value": "This flaw can be mitigated by not setting the logging level to \"trace\" on the freerdp server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7973\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7973"
        ],
        "name": "CVE-2016-7973",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
            "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes."
        ],
        "upstream_fix": "systemd 237",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16888\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16888"
        ],
        "name": "CVE-2018-16888",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6505\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6505"
        ],
        "name": "CVE-2014-6505",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."
        ],
        "upstream_fix": "net-snmp 5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18066\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18066"
        ],
        "name": "CVE-2018-18066",
        "mitigation": {
            "value": "Configuring snmp with a secret community string makes this attack much more difficult to perform, as the attacker must guess the community string in order to exploit the vulnerability.\nProtecting the snmp service with host firewall rules to prevent unauthorized hosts from sending messages to the snmp service will prevent this attack being carried out by users of other hosts on the network.\nEither or both of these steps is recommended to prevent potential attackers from gaining extra information about network devices and topology, and from causing undue load to snmp services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2803\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2803"
        ],
        "name": "CVE-2020-2803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.38, mariadb 5.5.63, mariadb 10.0.38, mysql 5.7.25, mysql 8.0.14, mysql 5.6.43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2529\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2529\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        ],
        "name": "CVE-2019-2529",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”",
            "An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled during mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11565\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11565"
        ],
        "name": "CVE-2020-11565",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2745"
        ],
        "name": "CVE-2019-2745",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.4",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.",
            "A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not include support for netfilter tables API).\nThis issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1573\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1573"
        ],
        "name": "CVE-2015-1573",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp."
        ],
        "upstream_fix": "node 14.3.0, node 12.17.0, node 10.21.0, chromium-browser 80.0.3987.122",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10531\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10531\nhttps://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html"
        ],
        "name": "CVE-2020-10531",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8816\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.",
            "A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19537\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19537"
        ],
        "name": "CVE-2019-19537",
        "mitigation": {
            "value": "Many Character devices can trigger this flaw as they leverage the lower levels of the USB subsystem.\nThe safest method that I have found would be to disable USB ports that are able to be attacked\nusing this method, disable them first by disallowing them from waking up from low-power states \nwith the command (Replace X with the port number available).\necho disabled >> /sys/bus/usb/devices/usbX/power/wakeup \nThe system must also disable the specific ports power after with the command:\necho suspend | sudo tee /sys/bus/usb/devices/usbX/power/level\nThis change does not persist through system reboots and must be applied at each reboot to be effective.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9667\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9667"
        ],
        "name": "CVE-2014-9667",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.",
            "A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6.\nThis issue affects the Linux kernel packages kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4170\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4170"
        ],
        "name": "CVE-2015-4170",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
            "An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment."
        ],
        "statement": "Exploiting this flaw will require the CAP_NET_ADMIN access privilege in any user or network namespace.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-35001\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35001\nhttps://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/\nhttps://www.openwall.com/lists/oss-security/2023/07/05/3"
        ],
        "name": "CVE-2023-35001",
        "mitigation": {
            "value": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module. \nFor instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox=\"allow-scripts\" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nikita Arykov as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5262\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5262\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-76.html"
        ],
        "name": "CVE-2016-5262",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7189\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7189\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-123.html"
        ],
        "name": "CVE-2015-7189",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.33, mariadb 10.2.15, mariadb 10.0.35, mariadb 5.5.60, mysql 5.5.60, mysql 5.7.22, mysql 5.6.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2819\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2819\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2603\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2603"
        ],
        "name": "CVE-2018-2603",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument save method or (2) the GD imagepsloadfont function, as demonstrated by a filename\\0.html attack that bypasses an intended configuration in which client users may write to only .html files.",
            "It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "upstream_fix": "php 5.4.42, php 5.6.10, php 5.5.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4598\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4598"
        ],
        "name": "CVE-2015-4598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "statement": "Firefox on Red Hat Enterprise Linux is built against the system nss library.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jonas Allmann as the original reporter.",
        "upstream_fix": "nss 3.45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11729\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11729\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729"
        ],
        "name": "CVE-2019-11729",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122->CWE-787",
        "details": [
            "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank ManhND (Tarantula Team) and VinCSS (Vingroup) for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10543\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10543"
        ],
        "name": "CVE-2020-10543",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11746\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746"
        ],
        "name": "CVE-2019-11746",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christian Holler, Christoph Diehl, Gary Kwong, Jason Kratzer, and Steven Crane as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18501\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18501\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501"
        ],
        "name": "CVE-2018-18501",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-11-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."
        ],
        "upstream_fix": "jQuery UI 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2012-6662\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6662"
        ],
        "name": "CVE-2012-6662",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.",
            "A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Dario Weisser as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000121\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000121\nhttps://curl.haxx.se/docs/adv_2018-97a2.html"
        ],
        "name": "CVE-2018-1000121",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-476",
        "details": [
            "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.",
            "A vulnerability was found in libarchive. A specially crafted CAB file could cause the application to dereference a NULL pointer, leading to a crash."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8917\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8917"
        ],
        "name": "CVE-2015-8917",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
            "Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "upstream_fix": "kernel 4.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0861\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0861"
        ],
        "name": "CVE-2017-0861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.",
            "It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5313"
        ],
        "name": "CVE-2010-5313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-25T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1239",
        "details": [
            "An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
            "A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20593\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20593\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"
        ],
        "name": "CVE-2023-20593",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
            "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "tomcat 7.0.53, tomcat 6.0.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0096\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0096"
        ],
        "name": "CVE-2014-0096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.",
            "Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10208"
        ],
        "name": "CVE-2016-10208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-10T06:36:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.",
            "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."
        ],
        "acknowledgement": "Red Hat would like to thank Kirill Tkhai (Virtuozzo Kernel team) for reporting this issue.",
        "upstream_fix": "Kernel 5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4155\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4155\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
        ],
        "name": "CVE-2021-4155",
        "mitigation": {
            "value": "This issue can be mitigated by ensuring xfs_alloc_file_space is not called with \"0\" as an argument.\nThis can be done with a SystemTap script  (which resets \"0\" with  XFS_BMAPI_PREALLOC), below are the steps:\n1) Save the following script in a 'CVE-2021-4155.stp' file\n--- On Red Hat Enterprise Linux 6  ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x40;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 6  ---\n--- On Red Hat Enterprise Linux 7 onwards ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x8;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 7 onwards ---\n2) Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2021_4155.ko -g CVE-2021-4155.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2021_4155.ko\nWhat is SystemTap and how to use it?\nhttps://access.redhat.com/solutions/5441",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11692\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11692\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692"
        ],
        "name": "CVE-2019-11692",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5204\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5204"
        ],
        "name": "CVE-2017-5204",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing \"$((`...`))\".",
            "It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application."
        ],
        "statement": "This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata",
        "acknowledgement": "This issue was discovered by Tim Waugh (Red Hat Developer Experience Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7817\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7817"
        ],
        "name": "CVE-2014-7817",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool.",
            "A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution."
        ],
        "upstream_fix": "icoutils 0.31.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6009\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6009"
        ],
        "name": "CVE-2017-6009",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
            "A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8's Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there is no entry point for WebSockets, thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with WebSocket functionality enabled by default.",
        "upstream_fix": "tomcat 10.0.0-M7, tomcat 9.0.37, tomcat 8.5.57, tomcat 7.0.105",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13935\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13935\nhttp://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E\nhttp://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
        ],
        "name": "CVE-2020-13935",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-121",
        "details": [
            "In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.",
            "A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privilege escalation."
        ],
        "upstream_fix": "zsh 5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18206\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18206"
        ],
        "name": "CVE-2017-18206",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3991\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3991"
        ],
        "name": "CVE-2016-3991",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5484"
        ],
        "name": "CVE-2017-5484",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption."
        ],
        "upstream_fix": "mariadb 5.5.41, mariadb 10.0.16, mysql 5.5.41, mysql 5.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0411\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0411\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0411",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.",
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates."
        ],
        "acknowledgement": "This issue was discovered by Christina Fu (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7537\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7537"
        ],
        "name": "CVE-2017-7537",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-290|CWE-347)",
        "details": [
            "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15587\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15587"
        ],
        "name": "CVE-2018-15587",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Multiple integer overflows in process_bin_update function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code."
        ],
        "statement": "The versions of memcached as shipped with Red Hat OpenStack Platform 7, 8 and 9 are affected by this issue however will not be updated. The latest version of memcached from Red Hat Enterprise Linux 7 can safely be allowed to supersede the earlier versions provided in the Red Hat OpenStack Platform channels.",
        "upstream_fix": "memcached 1.4.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8705\nhttp://www.talosintelligence.com/reports/TALOS-2016-0220/"
        ],
        "name": "CVE-2016-8705",
        "mitigation": {
            "value": "This flaw is in the memcached binary protocol. If your client programs only use the ASCII protocol when communicating with memcached, you can disable the binary protocol and protect against this flaw by adding \"-B ascii\" to OPTIONS in /etc/sysconfig/memcached.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Thomas Imbert as the original reporter.",
        "upstream_fix": "firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6796\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6796\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796"
        ],
        "name": "CVE-2020-6796",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges insertscript as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9900\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9900\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9900"
        ],
        "name": "CVE-2016-9900",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-122",
        "details": [
            "Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to \"unbalanced quotes.\"",
            "A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send an email with specially crafted headers that, when processed by formail, could cause procmail to crash or, possibly, execute arbitrary code as the user running formail."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3618\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3618"
        ],
        "name": "CVE-2014-3618",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sascha Just as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2814\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2814\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-44.html"
        ],
        "name": "CVE-2016-2814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.",
            "It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4749\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4749\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.",
            "ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7566\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7566"
        ],
        "name": "CVE-2018-7566",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2724\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2724\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.html"
        ],
        "name": "CVE-2015-2724",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.",
            "An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9807\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9807"
        ],
        "name": "CVE-2016-9807",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-642",
        "details": [
            "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
            "A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrew Aday (Columbia University), Fan Wu (The University of Hong Kong), Leilei Lin (Alibaba Group), Shankara Pailoor (Columbia University), and Shixiong Zhao (The University of Hong Kong) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7533\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7533"
        ],
        "name": "CVE-2017-7533",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2800"
        ],
        "name": "CVE-2018-2800",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.",
            "A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P2, bind 9.9.8-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8000\nhttps://kb.isc.org/article/AA-01317"
        ],
        "name": "CVE-2015-8000",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled images with odd tile width versus image width. Reported as MSVR 35103, aka \"cpStripToTile heap-buffer-overflow.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9540\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9540"
        ],
        "name": "CVE-2016-9540",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787->CWE-78",
        "details": [
            "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB  verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a  networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Kernel and kernel-rt packages as shipped with Red Hat Enterprise Linux 7 and 8 are being updated to contain the new Red Hat certificate for secure boot.",
        "acknowledgement": "Red Hat would like to thank Jesse Michael (Eclypsium) and Mickey Shkatov (Eclypsium) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10713\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10713\nhttps://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html\nhttps://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/\nhttps://www.openwall.com/lists/oss-security/2020/07/29/3"
        ],
        "csaw": true,
        "name": "CVE-2020-10713",
        "mitigation": {
            "value": "There is no mitigation for the flaw.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.",
            "A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19524\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19524"
        ],
        "name": "CVE-2019-19524",
        "mitigation": {
            "value": "To mitigate this issue for the Red Hat Enterprise Linux 7 or higher version, prevent module ff-memless from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-284|CWE-250)",
        "details": [
            "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",
            "The virConnectGetDomainCapabilities() libvirt API accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "This issue was discovered by Jan Tomko (Red Hat).",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10167\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10167\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10167",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'."
        ],
        "upstream_fix": "cloud-init 19.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0816\nhttps://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm"
        ],
        "name": "CVE-2019-0816",
        "mitigation": {
            "value": "See steps from https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.",
            "A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error cleanup code path.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19062\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19062"
        ],
        "name": "CVE-2019-19062",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.",
            "A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10132\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10132\nhttps://security.libvirt.org/2019/0003.html"
        ],
        "name": "CVE-2019-10132",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5435\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5435\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5435"
        ],
        "name": "CVE-2017-5435",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792."
        ],
        "upstream_fix": "mariadb 10.0.22, mariadb 10.1.8, mariadb 5.5.46, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4802\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4802\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4802",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3606\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3606\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3606",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.",
            "A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4495\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4495\nhttps://access.redhat.com/articles/1563163\nhttps://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-78.html"
        ],
        "csaw": true,
        "name": "CVE-2015-4495"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.",
            "A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel packages as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5828"
        ],
        "name": "CVE-2016-5828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.",
            "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash."
        ],
        "acknowledgement": "Red Hat would like to thank Joel Miller (Pennsylvania Higher Education Assistance Agency) for reporting this issue.",
        "upstream_fix": "rsyslog 8.27.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16881\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16881"
        ],
        "name": "CVE-2018-16881",
        "mitigation": {
            "value": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun`in your rsyslog configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19058\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19058"
        ],
        "name": "CVE-2018-19058",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.",
            "It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nTo mitigate this issue, you may use the ip6tables command to prevent spoofing of local addresses on any network interface other than the loopback interface.  Refer to the Mitigation section on our KBase article: https://access.redhat.com/articles/1305723",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9751\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9751\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so"
        ],
        "name": "CVE-2014-9751",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-476)",
        "details": [
            "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.",
            "The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7914\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7914"
        ],
        "name": "CVE-2016-7914",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-54, ImageMagick 6.9.10-54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13454"
        ],
        "name": "CVE-2019-13454",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5",
        "upstream_fix": "wireshark 1.12.2, wireshark 1.10.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8711\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8711\nhttps://www.wireshark.org/security/wnpa-sec-2014-21.html"
        ],
        "name": "CVE-2014-8711",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.",
            "A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system."
        ],
        "upstream_fix": "python-pillow 6.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5312"
        ],
        "name": "CVE-2020-5312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-99",
        "details": [
            "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice."
        ],
        "upstream_fix": "tomcat 9.0.12, tomcat 8.5.34, tomcat 7.0.91",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11784\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11784\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.91\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.12"
        ],
        "name": "CVE-2018-11784",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.",
            "A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9421\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9421",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7578\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7578"
        ],
        "name": "CVE-2019-7578",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Oliver Wagner as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7787\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7787\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7787"
        ],
        "name": "CVE-2017-7787",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.",
            "A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. An attacker could cause denial of service or potentially allow arbitrary code execution."
        ],
        "acknowledgement": "Red Hat would like to thank Samuel Thibault for reporting this issue.",
        "upstream_fix": "liblouis 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15101"
        ],
        "name": "CVE-2017-15101",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7934\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7934"
        ],
        "name": "CVE-2016-7934",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-13T07:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.",
            "A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user."
        ],
        "statement": "Gnome uses the ibus input framework only when the user explicitly configures it or when some input method sources are in use, like Korean from the ibus-hangul package or Chinese input methods from the ibus-libpinyin. Input methods like en-US are not handled by ibus, thus if the victim user just use them the attacker will not be able to intercept the key strokes of that user.",
        "acknowledgement": "Red Hat would like to thank Simon McVittie (Collabora Ltd.) for reporting this issue.",
        "upstream_fix": "ibus 1.5.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14822\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14822"
        ],
        "name": "CVE-2019-14822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.",
            "A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8559"
        ],
        "name": "CVE-2014-8559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate."
        ],
        "upstream_fix": "gnutls 3.5.8, gnutls 3.3.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5335\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5335"
        ],
        "name": "CVE-2017-5335",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
        ],
        "statement": "This issue was addressed via upstream nss-3.44, which is already shipped with Red Hat Enterprise Linux 6, 7 and 8.",
        "upstream_fix": "nss 3.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17007\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17007"
        ],
        "name": "CVE-2019-17007",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.35, mariadb 10.2.15, mariadb 5.5.61, mariadb 10.1.33, mariadb-connector-c 3.0.5, mysql 8.0.23, mysql 5.7.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2011\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2011\nhttps://www.oracle.com/security-alerts/cpujan2021.html#AppendixMSQL"
        ],
        "name": "CVE-2021-2011",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11691\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11691\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691"
        ],
        "name": "CVE-2019-11691",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL."
        ],
        "upstream_fix": "mod_auth_mellon 0.15.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13038\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13038"
        ],
        "name": "CVE-2019-13038",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-435",
        "details": [
            "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.",
            "A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this flaw.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5157\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5157"
        ],
        "name": "CVE-2015-5157",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7642\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7642"
        ],
        "name": "CVE-2018-7642",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8388\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8388"
        ],
        "name": "CVE-2015-8388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.",
            "The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8970\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8970"
        ],
        "name": "CVE-2015-8970",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5276\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5276\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5276",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8584\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8584\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8584",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12373\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12373"
        ],
        "name": "CVE-2018-12373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service.",
            "An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15, freeradius 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10978\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10978\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4903\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4903\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4903",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.",
            "An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur.  A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is not currently planned to be addressed in future updates.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8374\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8374"
        ],
        "name": "CVE-2015-8374",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.",
            "A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash."
        ],
        "upstream_fix": "bind 9.10.1-P1, bind 9.9.6-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8500\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8500\nhttps://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html"
        ],
        "name": "CVE-2014-8500",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10804\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10804"
        ],
        "name": "CVE-2018-10804",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially execute code.",
            "It was discovered that ghostscript did not properly verify the key used in aesdecode. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue did affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7. \nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15911\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15911\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-15911",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",
            "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2182\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2182\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2182",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges jomo as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2828\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-56.html"
        ],
        "name": "CVE-2016-2828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.",
            "A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue.",
        "upstream_fix": "postgresql 9.2.10, postgresql 9.1.15, postgresql 9.3.6, postgresql 9.0.19, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0241\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0241",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.1",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.",
            "A NULL pointer dereference flaw was found in the MulticastSocket implementation in the Libraries component of OpenJDK. An untrusted Java application or applet could possibly use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6587\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6587\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6587",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "upstream_fix": "cups-filters 1.0.71",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3279\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3279"
        ],
        "name": "CVE-2015-3279",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter (Geeknik Labs) as the original reporter.",
        "upstream_fix": "curl 7.62.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16842\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16842\nhttps://curl.haxx.se/docs/CVE-2018-16842.html"
        ],
        "name": "CVE-2018-16842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",
            "A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Dave Feldman (Oracle), Jeff Warren (Oracle), and Joel Cunningham (Oracle) as the original reporters.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8622\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8622\nhttps://kb.isc.org/docs/cve-2020-8622"
        ],
        "name": "CVE-2020-8622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.",
            "A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski and Mika Penttilä for reporting this issue.",
        "upstream_fix": "kernel 4.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10853\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10853"
        ],
        "name": "CVE-2018-10853",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.",
            "It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "upstream_fix": "curl 7.50.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5419\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5419\nhttps://curl.haxx.se/docs/adv_20160803A.html"
        ],
        "name": "CVE-2016-5419",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8622\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8622\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8622",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.",
            "A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12654"
        ],
        "name": "CVE-2020-12654",
        "mitigation": {
            "value": "In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module, refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-200",
        "details": [
            "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.",
            "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file."
        ],
        "acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0236\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0236\nhttp://security.libvirt.org/2015/0001.html"
        ],
        "name": "CVE-2015-0236",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",
            "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well."
        ],
        "statement": "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.47.1, nss 3.44.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11745\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes"
        ],
        "name": "CVE-2019-11745",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure."
        ],
        "upstream_fix": "jasper 1.900.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9387\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9387"
        ],
        "name": "CVE-2016-9387",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::UserInteraction#verbose calls say without escaping, escape sequence injection is possible."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8321\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8321"
        ],
        "name": "CVE-2019-8321",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",
            "An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user)."
        ],
        "statement": "This issue does not affect the version of samba package as shipped with Red Hat Enterprise Linux 4 and 5. It does affect the version of samba as shipped with Red Hat Enterprise Linux 6 and 7, as well as the version of samba3x shipped with Red Hat Enterprise Linux 5 and the version of samba4 as shipped with Red Hat Enterprise Linux 6.\nRed Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7 because the Samba version shipped in this version of the operating system only executes the vulnerable code after a memory allocation failure, making it more difficult to exploit this flaw.",
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Richard van Eeden (Microsoft Vulnerability Research) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0240\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0240\nhttps://access.redhat.com/articles/1346913\nhttps://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/\nhttps://www.samba.org/samba/security/CVE-2015-0240"
        ],
        "csaw": true,
        "name": "CVE-2015-0240",
        "mitigation": {
            "value": "On Samba versions 4.0.0 and above, add the line:\nrpc_server:netlogon=disabled\nto the [global] section of your smb.conf. For Samba versions 3.6.x and\nearlier, this workaround is not available.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.",
            "A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4555\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4555\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4555",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",
            "A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3331\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3331"
        ],
        "name": "CVE-2015-3331",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
            "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3646\nhttps://access.redhat.com/articles/3562741\nhttps://access.redhat.com/security/vulnerabilities/L1TF\nhttps://foreshadowattack.eu/\nhttps://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault\nhttps://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow\nhttps://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        ],
        "csaw": true,
        "name": "CVE-2018-3646"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.",
            "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5239\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5239"
        ],
        "name": "CVE-2016-5239",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8674\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8674\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8674",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.",
            "Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0795"
        ],
        "name": "CVE-2016-0795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "Multiple integer overflows in the (1) jas_realloc function in base/jas_malloc.c and (2) mem_resize function in base/jas_stream.c in JasPer before 1.900.22 allow remote attackers to cause a denial of service via a crafted image, which triggers use after free vulnerabilities."
        ],
        "upstream_fix": "jasper 1.900.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9262\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9262"
        ],
        "name": "CVE-2016-9262",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.",
            "A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message."
        ],
        "acknowledgement": "Red Hat would like to thank the NTP project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "ntp 4.2.8p10, ntp 4.3.94",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6464\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6464"
        ],
        "name": "CVE-2017-6464",
        "mitigation": {
            "value": "Properly monitor your ntpd instances, and auto-restart ntpd (without -g) if it stops running.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Damian Poddebniak, Jens Müller, Jörg Schwenk, Marcus Brinkmann, and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "thunderbird 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11739\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739"
        ],
        "name": "CVE-2019-11739",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5434\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5434\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5434"
        ],
        "name": "CVE-2017-5434",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bounds read during Huffman uncompression, as demonstrated by FastHufDecoder::refill in ImfFastHuf.cpp."
        ],
        "upstream_fix": "OpenEXR 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11761\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11761"
        ],
        "name": "CVE-2020-11761",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-392->CWE-119",
        "details": [
            "The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data."
        ],
        "acknowledgement": "Red Hat would like to thank GnuTLS upstream for reporting this issue.",
        "upstream_fix": "libtasn1 3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3468\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3468"
        ],
        "name": "CVE-2014-3468",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.",
            "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user."
        ],
        "statement": "Red Hat Satellite since version 6.4 uses sssd from the Red Hat Enterprise Linux repositories, where this vulnerability is fixed.",
        "acknowledgement": "This issue was discovered by Jakub Hrozek (Red Hat).",
        "upstream_fix": "SSSD 1.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10852\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10852\nhttps://pagure.io/SSSD/sssd/issue/3766"
        ],
        "name": "CVE-2018-10852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2659"
        ],
        "name": "CVE-2020-2659",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Xisigr as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5117\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5117\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117"
        ],
        "name": "CVE-2018-5117",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "(CWE-400|CWE-266)",
        "details": [
            "Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access"
        ],
        "upstream_fix": "bluez 5.54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0556\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0556\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html"
        ],
        "name": "CVE-2020-0556",
        "mitigation": {
            "value": "Disable Bluetooth.  Instructions on disabling bluetooth in Red Hat Enterprise Linux are available at: https://access.redhat.com/solutions/2682931",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary.",
            "A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 prior to kernel version 3.10.0-693, that is Red Hat Enterprise Linux 7.4 GA kernel version. Kernel versions after 3.10.0-693 contain the fix and are thus not vulnerable.\nThis issue affects the Linux kernel-rt packages prior to the kernel version 3.10.0-693.rt56.617 (Red Hat Enteprise Linux for Realtime) and 3.10.0-693.2.1.rt56.585.el6rt (Red Hat Enterprise MRG 2). The latest Linux kernel-rt packages as shipped with Red Hat Enterprise Linux for Realtime and Red Hat Enterprise MRG 2 are not vulnerable.\nFuture Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000253\nhttps://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000253",
        "mitigation": {
            "value": "By setting vm.legacy_va_layout to 1 we can effectively disable the exploitation of this issue by switching to the legacy mmap layout. The mmap allocations start much lower in the process address space and follow the bottom-up allocation model. As such, the initial PIE executable mapping is far from the reserved stack area and cannot interfere with the stack.\n64-bit processes on Red Hat Enterprise Linux 5 are forced to use the legacy virtual address space layout regardless of the vm.legacy_va_layout value.\nNote: Applications that have demands for a large linear address space (such as certain databases) may be unable to handle the legacy memory layout proposed using this mitigation. We recommend to test your systems and applications before deploying this mitigation on production systems.\nEdit the /etc/sysctl.conf file as root, and add or amend:\nvm.legacy_va_layout = 1\nTo apply this setting, run the /sbin/sysctl -p command as the root user to reload the settings from /etc/sysctl.conf.\nVerify that vm.legacy_va_layout is now set to defined value:\n$ /sbin/sysctl vm.legacy_va_layout\nvm.legacy_va_layout = 1",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8898\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8898\nhttp://seclists.org/oss-sec/2016/q2/459\nhttps://github.com/ImageMagick/ImageMagick/pull/34"
        ],
        "name": "CVE-2015-8898",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.",
            "An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Robert Święcki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7826\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7826"
        ],
        "name": "CVE-2014-7826",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667->CWE-416",
        "details": [
            "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
            "A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-29661\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29661"
        ],
        "name": "CVE-2020-29661",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.",
            "It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 6 and 7 kernels.  This issue was fixed in a version 6 prior to this issue being raised.\nAs this issue is rated as important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3841\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3841"
        ],
        "name": "CVE-2016-3841",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.",
            "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2, as KASLR feature is not present or enabled in these products.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5750\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5750"
        ],
        "name": "CVE-2018-5750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.",
            "A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy."
        ],
        "upstream_fix": "haproxy 1.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6269\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6269"
        ],
        "name": "CVE-2014-6269",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jun Kokatsu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7823\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7823\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823"
        ],
        "name": "CVE-2017-7823",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.",
            "An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3182\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3182"
        ],
        "name": "CVE-2014-3182",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed."
        ],
        "statement": "This issue did not affect the versions of unzip as shipped with Red Hat Enterprise Linux 5 as they did not include support for Zip64.",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8141\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8141\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8141",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10879\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10879"
        ],
        "name": "CVE-2018-10879",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.",
            "It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd."
        ],
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7692\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7692\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner\nhttps://github.com/ntp-project/ntp/blob/stable/NEWS#L11"
        ],
        "name": "CVE-2015-7692",
        "mitigation": {
            "value": "Disable NTP autokey authentication by removing, or commenting out, all configuration directives beginning with the 'crypto' keyword in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mathias Karlsson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7807\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7807\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7807"
        ],
        "name": "CVE-2017-7807",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-10-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.",
            "A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2 kernels. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7613\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7613"
        ],
        "name": "CVE-2015-7613",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-10T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Carl Waldspurger (Carl Waldspurger Consulting) and Vladimir Kiriansky (MIT) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3693\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3693\nhttps://01.org/security/advisories/intel-oss-10002\nhttps://access.redhat.com/solutions/3523601\nhttps://people.csail.mit.edu/vlk/spectre11.pdf\nhttps://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf"
        ],
        "csaw": true,
        "name": "CVE-2018-3693"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.",
            "A flaw was found in bind. Updates to \"Update-policy\" rules of type \"subdomain\" are treated as if they were of type \"zonesub\" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Joop Boonen (credativ GmbH) as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8624\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8624\nhttps://kb.isc.org/docs/cve-2020-8624"
        ],
        "name": "CVE-2020-8624",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence."
        ],
        "upstream_fix": "jasper 1.900.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10248\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10248"
        ],
        "name": "CVE-2016-10248",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service via unspecified vectors.",
            "It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8136\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8136"
        ],
        "name": "CVE-2014-8136",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename."
        ],
        "statement": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7's httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15715\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15715\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15715",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4521\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4521\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4521",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.",
            "It was found that samba did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.6.8, samba 4.7.0, samba 4.4.16, samba 4.5.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12150\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12150\nhttps://www.samba.org/samba/security/CVE-2017-12150.html"
        ],
        "name": "CVE-2017-12150",
        "mitigation": {
            "value": "The missing implied signing for 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e' can be enforced by explicitly using '--signing=required' on the commandline or \"client signing = required\" in smb.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML."
        ],
        "upstream_fix": "mariadb 5.5.48, mariadb 10.1.12, mariadb 10.0.24, mysql 5.6.29, mysql 5.7.11, mysql 5.5.48",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0640\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0640\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0640",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10199\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10199"
        ],
        "name": "CVE-2016-10199",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
            "A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue."
        ],
        "statement": "This flaw is rated as Important because of its nature of exposure to the threat of impacting Confidentiality, Integrity and Availability by an attacker while being in an adjacent physical layer with no privilege required.",
        "upstream_fix": "Kernel 6.6-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-45871\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45871\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
        ],
        "name": "CVE-2023-45871",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",
            "A flaw was found in the way Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. An attacker who can change the LPAR configuration and incur low memory conditions at the same time could use this flaw to crash the system."
        ],
        "statement": "An attacker needs to be highly privileged to exploit this issue. He either needs to trigger LPAR configuration change (or wait for such event to happen) and incur low memory conditions at the same time. It could be argued that possessing privileges required to exploit this issue could have the same impact as the issue itself.\nThe indications say that this issue was found by static code analysing tool which looks for memory allocations without failure checks and not actually reproduced on a running system. The CVE assignment also looks automated and following the \"better be safe than sorry\" approach.\nAs such, this issue is theoretical in nature and Low impact at best.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12614\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12614"
        ],
        "name": "CVE-2019-12614",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7199\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7199\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7199",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-129",
        "details": [
            "LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.",
            "It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.2, libreoffice 4.4.6, libreoffice 5.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5214\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5214\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/\nhttp://www.openoffice.org/security/cves/CVE-2015-5214.html"
        ],
        "name": "CVE-2015-5214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other impact via a crafted COLLATE clause, as demonstrated by COLLATE\"\"\"\"\"\"\"\" at the end of a SELECT statement.",
            "A flaw was found in the way SQLite handled dequoting of collation-sequence names. A local attacker could submit a specially crafted COLLATE statement that would crash the SQLite process, or have other unspecified impacts."
        ],
        "upstream_fix": "SQLite 3.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3414\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3414"
        ],
        "name": "CVE-2015-3414",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mei Wang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5280\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5280\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5280",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark via TrendMicro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9812\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-9812"
        ],
        "name": "CVE-2019-9812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5464\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5464\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5464"
        ],
        "name": "CVE-2017-5464",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4509\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4509\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-106/"
        ],
        "name": "CVE-2015-4509",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.",
            "A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue."
        ],
        "statement": "The latest kernel in RHCOS is kernel-4.18.0-305.49.1.el8 which does not contain the vulnerable code and is not affected, also OCP v4.9 or earlier are not affected.",
        "upstream_fix": "kernel 5.19 rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-32250\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32250\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd\nhttps://www.openwall.com/lists/oss-security/2022/05/31/1"
        ],
        "name": "CVE-2022-32250",
        "mitigation": {
            "value": "Triggering the issue requires the ability to create user/net namespaces.\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation because this functionality needs to be enabled.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.",
            "A vulnerability was discovered in fuse. When SELinux is active, fusermount is vulnerable to a restriction bypass. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects."
        ],
        "statement": "This issue did not affect the versions of fuse as shipped with Red Hat Enterprise Linux 6 as they did not consider escaped characters when checking mount options.  This issue is present in fuse packages included with Red Hat Virtualization, however it is not exploitable under any supported configuration.",
        "upstream_fix": "fuse 3.2.5, fuse 2.9.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10906\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10906"
        ],
        "name": "CVE-2018-10906",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",
            "A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation (MITIGATION V2-2) may be large enough to be exploited on AMD CPUs."
        ],
        "acknowledgement": "Red Hat would like to thank AMD for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-26401\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26401\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
        ],
        "name": "CVE-2021-26401",
        "mitigation": {
            "value": "AMD recommends mitigation that uses generic retpoline.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0478\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA\nhttps://people.redhat.com/~fweimer/rsa-crt-leaks.pdf\nhttps://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/"
        ],
        "name": "CVE-2015-0478",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "A flaw was found in ghostscript versions prior to 9.50, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.",
            "A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
        ],
        "acknowledgement": "Red Hat would like to thank Artifex Software for reporting this issue.",
        "upstream_fix": "ghostscript 9.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14817\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14817"
        ],
        "name": "CVE-2019-14817",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths."
        ],
        "upstream_fix": "poppler 0.77.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12293\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12293"
        ],
        "name": "CVE-2019-12293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7752\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752"
        ],
        "name": "CVE-2017-7752",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13114\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13114"
        ],
        "name": "CVE-2020-13114",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.",
            "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
        ],
        "statement": "This issue affects the version of the kvm & xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and\nmaintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8104\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8104"
        ],
        "name": "CVE-2015-8104",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-10T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.",
            "A vulnerability was found in FreeRadius. An invalid curve attack allows an attacker to authenticate as any user, without knowing the password. FreeRADIUS doesn't verify whether the received elliptic curve point is valid. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "freeradius 3.0.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11235\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11235"
        ],
        "name": "CVE-2019-11235",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription."
        ],
        "upstream_fix": "mutt 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14357\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14357"
        ],
        "name": "CVE-2018-14357",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-125)",
        "details": [
            "meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file.",
            "It was discovered that libwmf did not properly process certain WMF files. By tricking a victim into opening a specially crafted WMF file in an application using libwmf, a remote attacker could possibly exploit this flaw to cause a crash or execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4695\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4695"
        ],
        "name": "CVE-2015-4695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to \"type confusion\" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.",
            "Multiple flaws were discovered in the way PHP's Soap extension performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to disclose a portion of its memory or crash."
        ],
        "upstream_fix": "php 5.4.40, php 5.6.8, php 5.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4601\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4601"
        ],
        "name": "CVE-2015-4601",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tony Paloma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5130\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5130"
        ],
        "name": "CVE-2018-5130",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-776",
        "details": [
            "The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "upstream_fix": "jruby 1.7.16.2, ruby 2.0.0p598, ruby 1.9.3p551, ruby 2.1.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8090\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8090\nhttps://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"
        ],
        "name": "CVE-2014-8090",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.",
            "An integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space."
        ],
        "upstream_fix": "kernel 4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8781\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8781"
        ],
        "name": "CVE-2018-8781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",
            "A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and potentially affecting network connections and the management of files such as log files or zone journal files."
        ],
        "statement": "The patch for CVE-2018-5743 introduced a change in the way bind calculated the number of concurrent connections, from counting the outstanding TCP queries to counting the TCP client connections. However, this functionality was not correctly implemented, and an attacker could use a single TCP connection to send a large number of DNS requests, causing denial of service. As per upstream, the fix does not help in a situation where a TCP-pipelining client is sending queries at an excessive rate, allowing a backlog of outstanding queries to build up. More details about this are available in the upstream advisory.\nThis bind flaw can be exploited by a remote attacker (AV:N) by opening a large number of simultaneous TCP client connections with the server. The attacker needs to use a server which has TCP-pipelining capability to use one TCP connection to send a large number of requests. (AC:L and PR:N) No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. (S:U)",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.15.6, bind 9.11.13, bind 9.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6477\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6477\nhttps://kb.isc.org/docs/cve-2019-6477"
        ],
        "name": "CVE-2019-6477",
        "mitigation": {
            "value": "The vulnerability can be mitigated by disabling server TCP-pipelining:\n~~~\nkeep-response-order { any; };\n~~~\nand then restarting BIND. The server restart is necessary because neither a 'reload' nor a 'reconfig' operation will properly reset currently pipelining TCP clients.\nDisabling TCP-pipelining entirely is completely effective at mitigating the vulnerability with minimal impact to clients that use pipelined TCP connections and with no impact to clients that do not support TCP-pipelining. The majority of Internet client DNS queries are transported over UDP or TCP without use of TCP-pipelining.\nNote: This mitigation will only work with bind-9.11 and above.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt."
        ],
        "statement": "This issue affects the versions of gettext as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of gettext as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18751\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18751"
        ],
        "name": "CVE-2018-18751",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8241"
        ],
        "name": "CVE-2015-8241",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.",
            "An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address."
        ],
        "statement": "This issue was rated as having Moderate impact because of the need of physical access to trigger it.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19532\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19532"
        ],
        "name": "CVE-2019-19532",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10355\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10355"
        ],
        "name": "CVE-2017-10355",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andre Weissflog and Omair as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7824\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824"
        ],
        "name": "CVE-2017-7824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15861\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15861"
        ],
        "name": "CVE-2018-15861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.",
            "A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time."
        ],
        "acknowledgement": "Red Hat would like to thank Daniel Berteaud (FIREWALL-SERVICES SARL) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0244\nhttp://www.samba.org/samba/security/CVE-2014-0244"
        ],
        "name": "CVE-2014-0244",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.",
            "A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as only httpd version 2.4.6 included the vulnerable code.",
        "upstream_fix": "httpd 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4352\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4352\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2013-4352",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.",
            "An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-9383\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9383"
        ],
        "name": "CVE-2020-9383",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "upstream_fix": "mariadb 10.2.15, mariadb 10.1.33, mariadb 10.0.35, mariadb 5.5.60, mysql 5.6.40, mysql 5.7.22, mysql 5.5.60",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2755\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2755\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.",
            "The Linux kernel is vulnerable to a memory leak in the drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() function. An attacker could exploit this to cause a potential denial of service."
        ],
        "upstream_fix": "kernel 4.16-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8087\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8087"
        ],
        "name": "CVE-2018-8087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "In vp8_decode_frame of decodeframe.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure if error correction were turned on, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1Android ID: A-62458770"
        ],
        "statement": "The version shipped with Red Hat Enterprse Linux 8 already contains the commit which fix this issue, thus this version is not affected.",
        "upstream_fix": "libvpx 1.7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0034\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0034\nhttps://source.android.com/security/bulletin/2020-03-01"
        ],
        "name": "CVE-2020-0034",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2769\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2769"
        ],
        "name": "CVE-2019-2769",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.",
            "A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts."
        ],
        "acknowledgement": "This issue was discovered by Frediano Ziglio (Red Hat).",
        "upstream_fix": "spice-gtk 0.36, spice 0.14.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10873\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10873"
        ],
        "name": "CVE-2018-10873",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1583\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1583\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-82.html"
        ],
        "name": "CVE-2014-1583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15857\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15857"
        ],
        "name": "CVE-2018-15857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell."
        ],
        "statement": "Impact of the flaw set to Moderate as restricted shell shall not be used as a security feature alone, as it is very hard to configure it properly and several bypasses exist for it.\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for BASH_CMDS environment variable.\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers.  Future updates may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9924\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9924"
        ],
        "name": "CVE-2019-9924",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-369",
        "details": [
            "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command."
        ],
        "upstream_fix": "jasper 1.900.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8692\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8692"
        ],
        "name": "CVE-2016-8692",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4522\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4522\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4522",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.",
            "A flaw was found in the way the Linux kernel's networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system."
        ],
        "statement": "This issue affected Red Hat Enterprise Linux 7 starting with kernel version kernel-3.10.0-1053.el7. The first publicly available affected kernel version is kernel-3.10.0-1062.el7 released via https://access.redhat.com/errata/RHSA-2019:2029,  the Red Hat Enterprise Linux 7.7 GA kernel errata release.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15239\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15239"
        ],
        "name": "CVE-2019-15239",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14046\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14046"
        ],
        "name": "CVE-2018-14046",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",
            "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function."
        ],
        "upstream_fix": "kernel 4.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18344\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18344"
        ],
        "name": "CVE-2017-18344",
        "mitigation": {
            "value": "Attached to this bugzilla is a systemtap script that will prevent opening (and therefore reading) the /proc/<process>/timers file which is used to leak information.\nThe SystemTap script is relatively small and efficient, broken into 3 distinct sections as follows:\n--------\nprobe kernel.function(\"proc_timers_open@fs/proc/base.c\").return { \n// this is -EACCES\n$return = -13;\nmessage = sprintf(\"CVE-2017-18344 mitigation denied access to %s to %s(%d)\", file_name , execname(), pid());\n// print a warning message at KERN_INFO debug level\nprintk(6, message);\n}\nprobe begin {\nprintk(6, \"Mitigation for CVE-2017-18344 loaded.\\n\");\n}\nprobe end {\nprintk(6, \"Mitigation for CVE-2017-18344 unloaded.\\n\");\n}\n---------\nFirst, the script places a probe at the return of the kernel function “proc_timers_open” when called.   This modifies the return value to be EACCES which would return this value to userspace preventing this file from being opened.  When the /proc/<pid>/timer file is attempted to be opened, a message will be logged to the kernel log subsystem showing the process and pid of the application attempting to access the timer file.  \nThis file is not in widespread use at this time, although some applications may read from it to debug or understand their own timers that are set.  This mitigation will not be useful in this context.\nFinally, the “probe begin” and “probe end” code blocks tell systemtap to add the supplied text to the kernel log buffer via the printk function. This creates an audit trail by registering in the system logs exactly when the mitigation is loaded and unloaded.  This will need to be compiled with guru mode (-g parameter) to compile.\nThis will need to be loaded at each boot to remain effective.  Red Hat Product security recommends updating to a patched kernel when it is available.\nRed Hat always seeks to provide both mitigations to disable attacks as well as the actual patches to treat the flaw. 
To learn more about SystemTap, and how it can be used in your management of your Red Hat systems, please refer to Using SystemTap[1] or one of our videos about it within our Customer Portal[2].\n1 - https://access.redhat.com/articles/17839\n2 - https://access.redhat.com/search/#/?q=systemtap",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.",
            "A buffer overflow flaw was found in the GNU Wget in version 1.20.1 and earlier when processing Internationalized Resource Identifiers. This flaw allows an attacker to execute arbitrary code or cause a denial of service."
        ],
        "statement": "This issue did not affect the versions of wget as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wget as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "wget 1.20.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5953\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5953"
        ],
        "name": "CVE-2019-5953",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Coinbase Security and Samuel Groß (Google Project Zero) as the original reporters.",
        "upstream_fix": "Firefox ESR 60.7.1, Firefox 67.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11707\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707"
        ],
        "name": "CVE-2019-11707",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",
            "An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7755\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7755"
        ],
        "name": "CVE-2018-7755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12265\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12265"
        ],
        "name": "CVE-2018-12265",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Moderate, and a future update may address this flaw.",
        "upstream_fix": "firefox 54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7762\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7762\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"
        ],
        "name": "CVE-2017-7762",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1."
        ],
        "statement": "Upstream decided to not fix this issue in Firefox ESR 60.2 given the low impact.  A future ESR update may correct this flaw.\nThis flaw would impact users who had saved passwords from Firefox 58 or earlier that were not protected by a master password (resulting in an un-encrypted `key3.db`), but set a master password when using Firefox 59 or newer (resulting in an encrypted `key4.db`).  The old key file was kept around to facilitate downgrading to Firefox 58.\nThis flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jurgen Gaeremyn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12383\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383"
        ],
        "name": "CVE-2018-12383",
        "mitigation": {
            "value": "To mitigate against this flaw, examine user profile directories for the presence of both `key3.db` and `key4.db` files.  If both are present, `key3.db` should be deleted.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-121)",
        "details": [
            "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.",
            "Buffer overflows were discovered in UDF-related codes under MdeModulePkg\\Universal\\Disk\\PartitionDxe\\Udf.c and MdeModulePkg\\Universal\\Disk\\UdfDxe, which could be triggered with long file names or invalid formatted UDF media."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0160\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0160"
        ],
        "name": "CVE-2019-0160",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges."
        ],
        "upstream_fix": "mariadb 5.5.44, mariadb 10.1.8, mariadb 10.0.20, mysql 5.5.44, mysql 5.6.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4864\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4864\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4864",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-02T04:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.",
            "A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system."
        ],
        "statement": "Only local users with `CAP_NET_ADMIN` capability (or root) can trigger this issue. \nOn Red Hat Enterprise Linux, local unprivileged users can exploit unprivileged user namespaces (CONFIG_USER_NS) to grant themselves this capability.\nThe OpenShift Container Platform (OCP) control planes or master machines are based on Red Hat Enterprise Linux CoreOS (RHCOS) that consists primarily of RHEL components, hence is also affected by this kernel vulnerability. Like it is mentioned earlier, the successful exploit needs necessary privileges (CAP_NET_ADMIN) and direct, local access . Local user in RHCOS is already a root with full permissions, hence existence of this vulnerability does not bring any value from the potential attacker perspective. From the OpenShift containers perspective, this vulnerability cannot be exploited as in OpenShift the cluster processes on the node are namespaced, which means that switching in the running OpenShift container the namespace will not bring necessary capabilities.\nThis means that for OpenShift, the impact of this vulnerability is Low.\nSimilar to CVE-2023-32233 vulnerability has been explained in the following blog post as an example of \"Container escape vulnerability\":\nhttps://www.redhat.com/en/blog/containers-vulnerability-risk-assessment",
        "acknowledgement": "Red Hat would like to thank Patryk Sondej and Piotr Krysiuk for reporting this issue.",
        "upstream_fix": "kernel 6.4-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32233\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32233\nhttps://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab\nhttps://www.openwall.com/lists/oss-security/2023/05/08/4"
        ],
        "name": "CVE-2023-32233",
        "mitigation": {
            "value": "1. This flaw can be mitigated by preventing the affected netfilter (nf_tables) kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.\n2. If the module cannot be disabled, on non-containerized deployments of Red Hat Enterprise Linux, the mitigation is to disable user namespaces:\n```\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use the second mitigation (disabling user namespaces) as the functionality is needed to be enabled. The first mitigation (blacklisting nf_tables) is still viable for containerized deployments, providing the environment is not using netfilter.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0494\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0494",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record."
        ],
        "upstream_fix": "libreoffice 6.0.2.1, libreoffice 5.4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10120\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/"
        ],
        "name": "CVE-2018-10120",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv=\"refresh\" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Lee (Kryptos Logic) as the original reporter.",
        "upstream_fix": "thunderbird 60.2.1, firefox 60.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18499\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18499\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499"
        ],
        "name": "CVE-2018-18499",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3862\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3862\nhttps://www.libssh2.org/CVE-2019-3862.html"
        ],
        "name": "CVE-2019-3862",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment."
        ],
        "statement": "This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter.",
        "upstream_fix": "openssl 1.0.0m, openssl 0.9.8za, openssl 1.0.1h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0195\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0195\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22->(CWE-125|CWE-787)",
        "details": [
            "An issue was discovered in OpenEXR before 2.4.1. There is an std::vector out-of-bounds read and write, as demonstrated by ImfTileOffsets.cpp."
        ],
        "upstream_fix": "OpenEXR 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11763\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11763"
        ],
        "name": "CVE-2020-11763",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5104\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5104\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104"
        ],
        "name": "CVE-2018-5104",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10350\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10350"
        ],
        "name": "CVE-2017-10350",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9948\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9948"
        ],
        "name": "CVE-2019-9948",
        "mitigation": {
            "value": "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3688\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3688"
        ],
        "name": "CVE-2014-3688",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Patrick Cozzi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1556\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1556\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-62.html"
        ],
        "name": "CVE-2014-1556",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate."
        ],
        "upstream_fix": "gnutls 3.5.8, gnutls 3.3.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5336\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5336"
        ],
        "name": "CVE-2017-5336",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-121",
        "details": [
            "In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the \">& fd\" syntax.",
            "A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell."
        ],
        "upstream_fix": "zsh 5.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-10071\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-10071"
        ],
        "name": "CVE-2014-10071",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.",
            "A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure."
        ],
        "statement": "This issue did not affect the versions of bind packages as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of bind97 packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future bind97 packages updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.10.2-P2, BIND 9.9.7-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4620\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4620\nhttps://kb.isc.org/article/AA-01267/"
        ],
        "name": "CVE-2015-4620",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-284",
        "details": [
            "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.",
            "It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library."
        ],
        "statement": "This issue affects the Apache commons-collections library as shipped with Fuse 6.2.0 and A-MQ 6.2.0. However, this flaw is not known to be exploitable under supported scenarios in these product versions, and so has been assigned an impact of Important for these products and their respective errata.",
        "upstream_fix": "apache-commons-collections 4.1, apache-commons-collections 3.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7501\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7501\nhttp://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/"
        ],
        "csaw": true,
        "name": "CVE-2015-7501"
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of the fputc function, which allows remote attackers to cause a denial of service via a crafted image file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 6.9.10-6, ImageMagick 7.0.8-6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16643\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16643"
        ],
        "name": "CVE-2018-16643",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges terjanq as the original reporter.",
        "upstream_fix": "thunderbird 68.5, firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6798\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6798\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798"
        ],
        "name": "CVE-2020-6798",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Haik Aftandilian as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5454\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5454\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5454"
        ],
        "name": "CVE-2017-5454",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).",
            "It was found that the \"/var/lib/openhpi\" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory."
        ],
        "statement": "This issue affects the version of openhpi as shipped with Red Hat Enterprise Linux 5 and 6. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Marko Myllynen (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3248\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3248"
        ],
        "name": "CVE-2015-3248",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges firehack as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2821\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2821\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-51.html"
        ],
        "name": "CVE-2016-2821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "ImageMagick 7.0.8-34 has a \"use of uninitialized value\" vulnerability in the ReadPANGOImage function in coders/pango.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-35, ImageMagick 6.9.10-35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12978\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12978"
        ],
        "name": "CVE-2019-12978",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDue to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash."
        ],
        "statement": "This vulnerability only affects Firefox on ARM64/aarch64 platforms.  Other architectures are not affected.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Deian Stefan as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12417\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12417\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417"
        ],
        "name": "CVE-2020-12417",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.57, mariadb 10.2.8, mariadb 10.1.26, mariadb 10.0.32, mysql 5.5.57, mysql 5.7.19, mysql 5.6.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3641\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3641\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value.",
            "An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize() function could cause a PHP application to crash."
        ],
        "upstream_fix": "php 5.5.18, php 5.4.34, php 5.6.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3669\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3669"
        ],
        "name": "CVE-2014-3669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8719\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8719\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8719",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",
            "An out-of-bounds memory write flaw in the Linux kernel’s USB Monitor component was found in how a user with access to the /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-43750\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43750\nhttps://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198"
        ],
        "name": "CVE-2022-43750",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4883\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4883\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.",
            "An out-of-bounds write was discovered in fontforge while parsing SFD files containing very large LayerCount tokens. The flaw allows an attacker to overwrite data before a buffer allocated on the heap, thus causing the application to crash or execute arbitrary code."
        ],
        "statement": "Impact of the flaw set to Moderate since upstream does not consider a network-facing application that accepts untrusted font files as a reasonable use of fontforge tool/library, making the impact of a possible exploitation of this flaw smaller.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5395\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5395"
        ],
        "name": "CVE-2020-5395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121->CWE-400",
        "details": [
            "A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat.",
            "A heap-based buffer overflow vulnerability was found in GNU FriBidi, an implementation of the Unicode Bidirectional Algorithm (bidi). When the flaw is triggered it's possible to manipulate the heap contents, leading to memory corruption causing a denial of service and to arbitrary code execution. The highest threat from this flaw is to both data and system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Alex Murray (Ubuntu Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18397\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18397"
        ],
        "name": "CVE-2019-18397",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.",
            "An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should not be allowed to read."
        ],
        "upstream_fix": "python-pillow 6.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5313"
        ],
        "name": "CVE-2020-5313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.",
            "An integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.4.4, ruby 2.3.7, ruby 2.5.1, ruby 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8778\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8778\nhttps://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"
        ],
        "name": "CVE-2018-8778",
        "mitigation": {
            "value": "Vulnerable code when String#unpack's argument is attacker controlled.\nIn the unpack format string argument, manual sanitization can be done by preventing the number following '@' from overflowing to a negative number. See https://dev.to/sqreenio/an-in-depth-look-at-cve-2018-8878-or-why-integer-overflows-are-still-a-thing-1n01 for mitigation details.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2654"
        ],
        "name": "CVE-2020-2654",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.",
            "A flaw was found in the Sudo application when the 'pwfeedback' option is set to true in the sudoers file. An authenticated user can use this vulnerability to trigger a stack-based buffer overflow under certain conditions even without Sudo privileges. The buffer overflow may allow an attacker to expose or corrupt memory information, crash the Sudo application, or possibly inject code to be run as a root user."
        ],
        "statement": "This flaw can only be exploited if the option `pwfeedback` is enabled in sudo configuration. This option is not enabled by default in any version of Red Hat Enterprise Linux.\nThe sudo packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw.\nRed Hat Enterprise Linux 5 is not affected as it doesn't include the commit which introduced the vulnerability.",
        "upstream_fix": "sudo 1.8.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18634\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18634\nhttps://www.sudo.ws/alerts/pwfeedback.html"
        ],
        "name": "CVE-2019-18634",
        "mitigation": {
            "value": "Please follow the steps below as mitigation:\n1. Check the default properties set for sudo by running:\n~~~\n$ sudo -l\n[sudo] password for user:\nMatching Defaults entries for users on localhost:\n!visiblepw, pwfeedback, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep=\"COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS\",\nenv_keep+=\"MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE\", env_keep+=\"LC_COLLATE LC_IDENTIFICATION\nLC_MEASUREMENT LC_MESSAGES\", env_keep+=\"LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE\", env_keep+=\"LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY\", secure_path=/sbin\\:/bin\\:/usr/sbin\\:/usr/bin\n~~~\n2. If `pwfeedback` is enabled as shown above, edit your `/etc/sudoers` file, changing the line:\n~~~\nDefaults pwfeedback\n~~~\nTo:\n~~~\nDefaults !pwfeedback\n~~~\nThis will disable visual feedback on password typing, making sure the attack is not possible anymore.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.",
            "It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5355\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5355"
        ],
        "name": "CVE-2014-5355",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rakesh Mane as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11744\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744"
        ],
        "name": "CVE-2019-11744",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows a local attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16864\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16864\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16864",
        "mitigation": {
            "value": "To increase the time an attacker needs to exploit this flaw you could override the `StartLimitInterval=` (called StartLimitIntervalSec in newer systemd versions) and `StartLimitBurst=` settings. In this way the attack may require much longer to be successful.\nTo edit the journald service use `sudo systemctl edit systemd-journald.service` and add:\n```\n[Service]\nStartLimitInterval=120\nStartLimitBurst=3\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T16:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.",
            "A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5391\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5391\nhttps://access.redhat.com/articles/3553061\nhttps://www.kb.cert.org/vuls/id/641765"
        ],
        "csaw": true,
        "name": "CVE-2018-5391",
        "mitigation": {
            "value": "One may change the default 4MB and 3MB values of net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh (and their ipv6 counterparts net.ipv6.ipfrag_high_thresh and net.ipv6.ipfrag_low_thresh) to 256 kB and 192 kB (respectively) or below. Tests show some to significant CPU saturation drop during an attack, depending on the hardware, configuration and environment.\nThere can be some impact on performance though, due to ipfrag_high_thresh of 262144 bytes, as only two 64K fragments can fit in the reassembly queue at the same time. For example, there is a risk of breaking applications that rely on large UDP packets.\nSee the Mitigation section in the https://access.redhat.com/articles/3553061 article for the script to quickly change to/from default and lower settings.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.",
            "A use-after-free flaw was found in the Linux kernel's af_unix component that allows local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unix_stream_sendpage() function could access a skb that is being released by garbage collection, resulting in a use-after-free issue."
        ],
        "upstream_fix": "Kernel 6.4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4622\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4622\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c"
        ],
        "name": "CVE-2023-4622",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).",
            "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3253"
        ],
        "name": "CVE-2017-3253",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.",
            "A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and MRG-2.",
        "acknowledgement": "Red Hat would like to thank Linn Crosetto (HP) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7837\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7837"
        ],
        "name": "CVE-2015-7837",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM."
        ],
        "upstream_fix": "mysql 5.5.39, mysql 5.6.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4274\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4274"
        ],
        "name": "CVE-2014-4274",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12377\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12377\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377"
        ],
        "name": "CVE-2018-12377",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Khalil Zhani as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4506\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4506\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-101/"
        ],
        "name": "CVE-2015-4506",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-364",
        "details": [
            "GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key.",
            "It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen."
        ],
        "upstream_fix": "gdm 3.19.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7496\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7496"
        ],
        "name": "CVE-2015-7496",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Thomas Vegas as the original reporter.",
        "upstream_fix": "curl 7.66",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5482\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5482\nhttps://curl.haxx.se/docs/CVE-2019-5482.html"
        ],
        "name": "CVE-2019-5482",
        "mitigation": {
            "value": "Do not use TFTP with curl with smaller than the default BLKSIZE.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10871\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10871"
        ],
        "name": "CVE-2019-10871",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges lokihardt as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1961\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1961\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-24.html"
        ],
        "name": "CVE-2016-1961",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.33, mariadb 10.0.35, mariadb 10.2.15, mariadb 5.5.60, mysql 5.5.60, mysql 5.7.22, mysql 5.6.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2781\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2781\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9901\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9901\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9901"
        ],
        "name": "CVE-2016-9901",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12641"
        ],
        "name": "CVE-2018-12641",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.",
            "It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5219\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5219"
        ],
        "name": "CVE-2015-5219",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc reslist command, which triggers recursive traversal of the restriction list.",
            "A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash ntpd."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue in Red Hat Enterprise Linux 6 and 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ntp 4.2.8p6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7978\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7978\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0075/"
        ],
        "name": "CVE-2015-7978",
        "mitigation": {
            "value": "Keep the number of restriction list entries in ntp.conf lower than 500.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8139\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8139\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack.",
            "A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior."
        ],
        "upstream_fix": "libxml2 2.9.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3660\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3660"
        ],
        "name": "CVE-2014-3660",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.",
            "It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim."
        ],
        "upstream_fix": "libreoffice 4.4.5, libreoffice 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4551\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4551\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/\nhttp://www.openoffice.org/security/cves/CVE-2015-4551.html"
        ],
        "name": "CVE-2015-4551",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9669\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9669"
        ],
        "name": "CVE-2014-9669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16420\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16420\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7500\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7500"
        ],
        "name": "CVE-2015-7500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.",
            "It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users."
        ],
        "upstream_fix": "samba 4.3.13, samba 4.4.8, samba 4.5.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2125\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2125\nhttps://www.samba.org/samba/security/CVE-2016-2125.html"
        ],
        "name": "CVE-2016-2125",
        "mitigation": {
            "value": "The following mitigation is suggested by upstream.\nThe samba-tool command and the AD DC mode honours the undocumented \"gensec_gssapi:delegation=no\" option in the [global] section of the smb.conf file.\nControlling Kerberos forwarding\n===============================\nIn the Active Directory world it's possible for administrators to\nlimit the delegation. User and computer objects can both act as\nKerberos users and also as Kerberos services. Both types of objects have an\nattribute called 'userAccountControl' which is a bitmask that controls the\nbehavior of the account. The following three values have impact on possible\ndelegation:\n0x00100000: UF_NOT_DELEGATED:\nThe UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT\nfor the account. It means the KDC will respond with an error if the client asks\nfor the forwardable ticket.  The client typically gives up and removes the\nGSS_C_DELEG_FLAG flag and continues without passing delegated credentials.\nAdministrators can use this to disable possible delegation for the most\nprivileged accounts (e.g. administrator accounts).\n0x00080000: UF_TRUSTED_FOR_DELEGATION\nIf the UF_TRUSTED_FOR_DELEGATION is set on an account a KDC will include the\nOK_AS_DELEGATE flag in a granted service ticket. If the client application\nuses just GSS_C_DELEG_POLICY_FLAG (instead of GSS_C_DELEG_FLAG) gssapi/Kerberos\nlibraries typically only include delegated credentials when the service ticket\nincludes the OK_AS_DELEGATE flag.  Administrators can use this to control which\nservices will get delegated credentials, for example if the service runs in a\ntrusted environment and actually requires the presence of delegated\ncredentials.\n0x01000000: UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION\nThe UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION is not really relevant for this\nCVE and just listed here for completeness. This flag is relevant for the\nS4U2Proxy feature, where a service can ask the KDC for a proxied service\nticket which can impersonate users to other services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.",
            "An out-of-bounds memory read flaw was found in the way shim parsed certain IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim to crash, preventing the system from booting if IPv6 booting was enabled."
        ],
        "acknowledgement": "Red Hat would like to thank SUSE Security Team for reporting this issue.",
        "upstream_fix": "shim-0.7 8.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3675\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3675"
        ],
        "name": "CVE-2014-3675",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2794\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2794"
        ],
        "name": "CVE-2018-2794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D."
        ],
        "statement": "This issue affects the versions of lcms as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0459\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0459\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0459",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING conversion.",
            "A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash."
        ],
        "statement": "This issue did not affect the versions of file, php, and php53 as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3478\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3478"
        ],
        "name": "CVE-2014-3478",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "dovecot 2.2.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3430\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3430"
        ],
        "name": "CVE-2014-3430",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-135",
        "details": [
            "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.",
            "A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Douglas Bagnall as the original reporter.",
        "upstream_fix": "samba 4.1.22, samba 4.3.3, samba 4.2.7, libldb 1.1.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5330\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5330\nhttps://www.samba.org/samba/security/CVE-2015-5330.html"
        ],
        "name": "CVE-2015-5330",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.",
            "A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11521\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11521"
        ],
        "name": "CVE-2020-11521",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.",
            "It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root."
        ],
        "upstream_fix": "sudo 1.8.20p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000368\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000368\nhttps://access.redhat.com/security/cve/CVE-2017-1000367\nhttps://access.redhat.com/security/vulnerabilities/3059071\nhttps://www.sudo.ws/alerts/linux_tty.html"
        ],
        "name": "CVE-2017-1000368",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "cabextract 1.8, libmspack 0.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18584\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18584"
        ],
        "name": "CVE-2018-18584",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla Developers as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5183\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183"
        ],
        "name": "CVE-2018-5183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.",
            "If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal."
        ],
        "statement": "This issue affects the version of krb5 package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5353\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5353"
        ],
        "name": "CVE-2014-5353",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.",
            "A heap-based buffer overflow flaw related to \"lz4::decompress\" (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7773\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7773\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7773",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.",
            "A vulnerability was discovered in Tomcat's handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure."
        ],
        "upstream_fix": "tomcat 7.0.77, tomcat 8.5.13, tomcat 8.0.43, tomcat 6.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5647\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5647"
        ],
        "name": "CVE-2017-5647",
        "mitigation": {
            "value": "The AJP connector does not support the sendfile capability.  A server configured to only use the AJP connector (disable HTTP Connector) is not affected by this vulnerability.\nDisable the sendfile capability by setting useSendfile=\"false\" in the HTTP connector configuration.  Note: Disabling sendfile, may impact performance on large files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-406->CWE-400",
        "details": [
            "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.",
            "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound."
        ],
        "upstream_fix": "unbound-1.6.6 5.el7_8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10772\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10772"
        ],
        "name": "CVE-2020-10772",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mario Gomes as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4519\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4519\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-110/"
        ],
        "name": "CVE-2015-4519",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.",
            "A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploit this vulnerability to cause a denial of service condition on the target."
        ],
        "upstream_fix": "zsh 5.0.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-10072\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-10072"
        ],
        "name": "CVE-2014-10072",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
            "A flaw was found in Apache's HTTP server (httpd) .The mod_proxy_ftp module may use uninitialized memory with proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1934\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1934\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1934",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.",
            "An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Nathan Hoad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9715\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9715"
        ],
        "name": "CVE-2014-9715",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1301\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1301",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8658\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8658\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8658",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-341",
        "details": [
            "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.",
            "A weakness was found in the Linux ASLR implementation. Any user able to running 32-bit applications in a x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3672\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3672\nhttp://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html\nhttp://seclists.org/bugtraq/2016/Apr/34"
        ],
        "name": "CVE-2016-3672",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
            "It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance."
        ],
        "upstream_fix": "jbossweb 7.4.7.Final, tomcat 6.0.41, tomcat 7.0.54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0119\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0119"
        ],
        "name": "CVE-2014-0119",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\nWhen fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4207\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4207\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4207",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",
            "It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution."
        ],
        "statement": "To be successfully and automatically triggered when a specially crafted file is opened, this vulnerability requires 3 parts :\n1) The `source!` command inability to check if it is running in sandbox mode (the fix commit prevents this)\n2) The `modeline` to be enabled (by default, modeline is disabled when running with root permission. See `Mitigation` steps to disable the modeline)\n3) A function, to be inserted in the modeline, that can be used to trigger the `source!` command (e.g.: `assert_fail()` in the public reproducer). To the best of our knowledge, no such functions were found in the default installation of Red Hat Enterprise Linux versions 5, 6 and 7 at the time of the flaw. However, Red Hat Enterprise Linux version 8 contains `assert_fail()`.\nWithout part 2 or 3, it would be required for an attacker to be able to craft the command line used to open the crafted file, in order to trigger the vulnerability.",
        "upstream_fix": "neovim 0.3.6, vim 8.1.1365",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12735\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12735"
        ],
        "name": "CVE-2019-12735",
        "mitigation": {
            "value": "The vulnerability can be triggered only if `modeline` is enabled. You can check whether `modeline` is enabled within vim via the command `:set modeline?`\nIt can be turned off explicitly by adding `set nomodeline` in a vimrc file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",
            "An integer signedness flaw, leading to a heap-based buffer overflow, was found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9673"
        ],
        "name": "CVE-2014-9673",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\\0' character.",
            "A heap-based buffer overflow was found in the wireshark module responsible for analyzing the LDSS protocol. An attacker could create a malicious LDSS message to cause a remote denial of service, crashing the application."
        ],
        "upstream_fix": "wireshark 2.4.7, wireshark 2.2.15, wireshark 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11362\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11362"
        ],
        "name": "CVE-2018-11362",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8611\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8611\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8611",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4487\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4487\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4487",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.",
            "A flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack.  A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7518\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7518"
        ],
        "name": "CVE-2017-7518",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.",
            "The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7740\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7740"
        ],
        "name": "CVE-2018-7740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.",
            "An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys."
        ],
        "acknowledgement": "Red Hat would like to thank Armis Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000250\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000250\nhttps://www.armis.com/blueborne/"
        ],
        "csaw": true,
        "name": "CVE-2017-1000250"
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.",
            "It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer."
        ],
        "statement": "In the default system configuration, with the sysctl variable vm.overcommit_memory set to either 0 (the default) or 1, an attack would take a not-insignificant amount of time to exhaust the system's memory. If vm.overcommit_memory is set to a value of 2, the time required to exhaust system memory is sufficiently reduced. It was further noticed that, a 32-bit system would have its memory exhausted faster than a 64-bit system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8779\nhttps://access.redhat.com/solutions/3025811/"
        ],
        "csaw": true,
        "name": "CVE-2017-8779",
        "mitigation": {
            "value": "rpcbind should be protected by iptables so that only trusted hosts that require access can reach it (eg, nfs clients).  Applying per-IP rate limits in iptables will also significantly limit the impact of this attack.  The default iptables rules in the system-config-firewall or firewalld package deny all remote access to rpcbind.\nIf you elect to run your system with overcommit turned off, daemons should have memory limits enforced by the init system to ensure stability.  With systemd, use directives such as LimitAS in unit files.  With upstart, place ulimit commands in /etc/sysconfig/$daemon.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",
            "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions."
        ],
        "upstream_fix": "openssh 7.2p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3115\nhttp://www.openssh.com/txt/x11fwd.adv"
        ],
        "name": "CVE-2016-3115",
        "mitigation": {
            "value": "Set X11Forwarding=no in sshd_config.\nFor authorized_keys that specify a \"command\" restriction, this issue can be mitigated by also setting the \"no-X11-forwarding\" restriction. In OpenSSH 7.2 and later, the \"restrict\" restriction can be used instead, which includes the \"no-X11-forwarding\" restriction.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3544\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3544\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3544",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "Wireshark 1.10.12, Wireshark 1.12.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0563\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0563\nhttps://www.wireshark.org/security/wnpa-sec-2015-04.html"
        ],
        "name": "CVE-2015-0563",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5274\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5274\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5274",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "There is a buffer overflow in Liblouis 3.2.0, triggered in the function _lou_showString() in utils.c, that will lead to a remote denial of service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13743\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13743"
        ],
        "name": "CVE-2017-13743",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key.",
            "A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest."
        ],
        "upstream_fix": "ntp 4.2.8p7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1550\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1550\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\nhttp://www.talosintel.com/reports/TALOS-2016-0084/"
        ],
        "name": "CVE-2016-1550",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096, and MSVR 35097."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9537\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9537"
        ],
        "name": "CVE-2016-9537",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.",
            "An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7395\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7395"
        ],
        "name": "CVE-2017-7395",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.23, mariadb 10.2.6, mariadb 10.0.31, mariadb 5.5.55, mysql 5.7.18, mysql 5.5.55, mysql 5.6.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3308\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3308\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3308",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5156\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5156\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-5156"
        ],
        "name": "CVE-2018-5156",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Trippar (Zimperium zLabs) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7758\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7758\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758"
        ],
        "name": "CVE-2017-7758",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).",
            "A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Robert Święcki as the original reporter.",
        "upstream_fix": "samba 4.11.5, samba 4.10.12, samba 4.9.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14907\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14907\nhttps://www.samba.org/samba/security/CVE-2019-14907.html"
        ],
        "name": "CVE-2019-14907",
        "mitigation": {
            "value": "Do not set a log level of 3 or above in production.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because of being limited to only IPV6 port 1720 being used and if with particular module (nf_conntrack_h323) for Voice Over IP H.323.",
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Virtuozzo) for reporting this issue.",
        "upstream_fix": "kernel 4.12-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14305\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14305\nhttps://bugs.openvz.org/browse/OVZ-7188\nhttps://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/"
        ],
        "name": "CVE-2020-14305",
        "mitigation": {
            "value": "A mitigation to this flaw would be to no longer use IPV6 on affected hardware until the kernel has been updated or to disable Voice Over IP H.323 module. Existing systems that have h323-conntrack-nat kernel module loaded will need to unload the \"nf_conntrack_h323\" kernel module and blacklist it ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20532\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20532"
        ],
        "name": "CVE-2018-20532",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
            "A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Red Hat Enterprise Linux 7 is affected starting with the Red Hat Enterprise Linux 7.4 GA kernel version 3.10.0-693 onward.\nFor Red Hat OpenShift Container Platform, while the cluster nodes may be running an underlying kernel that's affected by this flaw present, both virtual and physical hosts in a production environment will generally have the mitigation already in place of having Bluetooth hardware either not present, or not enabled.",
        "acknowledgement": "Red Hat would like to thank Andy Nguyen (Google) and Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12351\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12351\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\nhttps://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html\nhttps://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/"
        ],
        "csaw": true,
        "name": "CVE-2020-12351",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.",
            "A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrey Ryabinin (Virtuozzo) and Igor Redko (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2647\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2647"
        ],
        "name": "CVE-2017-2647",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
            "A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.\nThis issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 8 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.",
        "acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10160\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10160\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html"
        ],
        "name": "CVE-2019-10160",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOn 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Deian Stefan as the original reporter.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6822\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6822\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822"
        ],
        "name": "CVE-2020-6822",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0182\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0182"
        ],
        "name": "CVE-2020-0182",
        "mitigation": {
            "value": "This flaw could be mitigated by not passing untrusted input to libexif.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10087\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10087"
        ],
        "name": "CVE-2017-10087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-770->(CWE-125|CWE-787)",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11039\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11039"
        ],
        "name": "CVE-2020-11039",
        "mitigation": {
            "value": "To mitigate this flaw, do not enable USB redirection in the client config.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14573\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14573"
        ],
        "name": "CVE-2020-14573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
        ],
        "upstream_fix": "mariadb 10.4.7, mariadb 5.5.65, mariadb 10.1.41, mariadb 10.2.26, mariadb 10.3.17, mysql 5.6.45, mysql 5.7.27, mysql 8.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2739\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2739\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        ],
        "name": "CVE-2019-2739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.",
            "A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
        ],
        "statement": "This issue is rated as having a Moderate impact because of the privileges (CAP_NET_ADMIN in initial namespace) required for exploiting the issue.",
        "upstream_fix": "kernel 5.13-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3573\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3573\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52\nhttps://www.openwall.com/lists/oss-security/2021/06/08/2"
        ],
        "name": "CVE-2021-3573",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising easThe required privileges is CAP_NET_ADMIN capabilities. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.e of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.",
            "The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the change that introduced the flaw is not present in the code of these products. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7187\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7187"
        ],
        "name": "CVE-2017-7187",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681->CWE-119",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4843\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4843\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0402\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0402\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
            "A race condition was found in the Linux kernel before version 4.11-rc1 in 'fs/timerfd.c' file which allows a local user to cause a kernel list corruption or use-after-free via simultaneous operations with a file descriptor which leverage improper 'might_cancel' queuing.  An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects Red Hat Enterprise Linux 6 and 7. Future updates for the respective releases may address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10661\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10661"
        ],
        "name": "CVE-2017-10661",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-190)",
        "details": [
            "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.",
            "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "This issue was discovered by Frediano Ziglio (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10893\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10893"
        ],
        "name": "CVE-2018-10893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image dimensions.",
            "An integer overflow flaw, leading to a heap-based buffer overflow was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer."
        ],
        "upstream_fix": "gd 2.0.34, php 5.5.37, php 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5767\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5767"
        ],
        "name": "CVE-2016-5767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",
            "A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause httpd child process to crash via a specially crafted HTTP request."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7668\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7668\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18252"
        ],
        "name": "CVE-2017-18252",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.",
            "A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service."
        ],
        "statement": "In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.",
        "acknowledgement": "Red Hat would like to thank Xu Mingjie (varas@IIE) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14834\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14834"
        ],
        "name": "CVE-2019-14834",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1977\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1977\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-1977",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"DHCP - Read overflow when decoding option 63\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 2.2.10, freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10983\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10983\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10983",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.",
            "A flaw was found in the Linux kernels eBPF verification code. By default accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN.   A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a spectre like flaw where they can infer all system memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27170\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27170"
        ],
        "name": "CVE-2020-27170",
        "mitigation": {
            "value": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl.   This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file.",
            "It was found that the ghostscript functions getenv and filenameforall did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variable and list directory respectively, from the target."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-5653\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5653"
        ],
        "name": "CVE-2013-5653",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name."
        ],
        "upstream_fix": "mariadb 10.0.23, mariadb 5.5.47, mariadb 10.1.10, mysql 5.7.10, mysql 5.5.47, mysql 5.6.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0546\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0546\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
        ],
        "name": "CVE-2016-0546",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.",
            "It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.18, 389-ds-base 1.3.8.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14648\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14648\nhttps://pagure.io/389-ds-base/issue/49969"
        ],
        "name": "CVE-2018-14648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.",
            "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state."
        ],
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ubuntu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15686\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15686"
        ],
        "name": "CVE-2018-15686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        ],
        "upstream_fix": "webkitgtk 2.20.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4121\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4121"
        ],
        "name": "CVE-2018-4121",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mozilla community member John as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1557\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1557\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-64.html"
        ],
        "name": "CVE-2014-1557",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A vulnerability was found in the Linux kernel: a heap overflow in the mwifiex_set_wmm_params() function of the Marvell WiFi driver.",
            "A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch has been provided to remediate this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14815"
        ],
        "name": "CVE-2019-14815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.",
            "A denial of service flaw was found in TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10207\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10207"
        ],
        "name": "CVE-2016-10207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
        ],
        "upstream_fix": "jquery 3.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9251\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ],
        "name": "CVE-2015-9251",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.",
            "A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Jouni Malinen for reporting this issue.",
        "upstream_fix": "hostapd 2.3, wpa_supplicant 2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3686\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3686"
        ],
        "name": "CVE-2014-3686",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.",
            "A Linux kernel built with 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as an unlimited recursion could unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7039\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7039"
        ],
        "name": "CVE-2016-7039",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet.",
            "A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks."
        ],
        "upstream_fix": "ntp 4.2.8p9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9310\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9310\nhttp://support.ntp.org/bin/view/Main/NtpBug3118"
        ],
        "name": "CVE-2016-9310",
        "mitigation": {
            "value": "Use \"restrict default noquery ...\" in your ntp.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command.",
            "It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Enterprise Linux 6, and 7 and the versions of rh-ruby22-ruby and rh-ruby23-ruby as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.8, ruby 2.3.5, ruby 2.4.2, rubygems 2.6.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0900\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0900\nhttp://blog.rubygems.org/2017/08/27/2.6.13-released.html"
        ],
        "name": "CVE-2017-0900",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17581\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17581"
        ],
        "name": "CVE-2018-17581",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.",
            "A use-after-free flaw in OpenSLP 1.x and 2.x baselines was discovered in the ProcessSrvRqst function. A failure to update a local pointer may lead to heap corruption. A remote attacker may be able to leverage this flaw to gain remote code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17833\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17833\nhttps://dumpco.re/blog/openslp-2.0.0-double-free"
        ],
        "name": "CVE-2017-17833",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "An incorrect permission check was found in the admin backend in gvfs before version 1.39.4 that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.",
            "An incorrect permission check was found in the admin backend in gvfs that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration."
        ],
        "statement": "This issue did not affect the versions of gvfs as shipped with Red Hat Enterprise Linux 6 as they did not include support for admin backend.",
        "upstream_fix": "gvfs 1.39.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3827\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3827"
        ],
        "name": "CVE-2019-3827",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Berend-Jan Wever as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1592\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1592\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-87.html"
        ],
        "name": "CVE-2014-1592",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.",
            "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7757\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7757"
        ],
        "name": "CVE-2018-7757",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1593\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-88.html"
        ],
        "name": "CVE-2014-1593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8571\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8571\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8571",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12359\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12359\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12359"
        ],
        "name": "CVE-2018-12359",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "upstream_fix": "mariadb 5.5.55, mariadb 10.1.23, mariadb 10.0.31, mariadb 10.2.6, mysql 5.6.36, mysql 5.5.55, mysql 5.7.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3464\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3464\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3464",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.",
            "A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yihan Lian (Qihoo 360 Gear Team) and Zhibin Hu (Qihoo 360 Gear Team) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14746\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14746\nhttps://www.samba.org/samba/security/CVE-2017-14746.html"
        ],
        "name": "CVE-2017-14746",
        "mitigation": {
            "value": "Prevent SMB1 access to the server by setting the parameter:\n\"server min protocol = SMB2\"\nin the [global] section of your smb.conf and restarting smbd. This prevents any SMB1 access to the server. Note that this could cause older clients to be unable to connect to the server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2800\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
            "It was found that Apache was vulnerable to an HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data."
        ],
        "upstream_fix": "httpd 2.2.32, httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4975\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975"
        ],
        "name": "CVE-2016-4975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-29T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
        ],
        "statement": "There's no mitigation available other than installing the update packages.",
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Canonical) and Colin Watson (Debian / Canonical Ltd.) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15707\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15707"
        ],
        "name": "CVE-2020-15707",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed",
            "A flaw was found in the Node.js code where a specially crafted HTTP(s) request sent to a Node.js server failed to properly process the HTTP(s) headers, resulting in a request smuggling attack. An attacker can use this flaw to alter a request sent as an authenticated user if the Node.js server is deployed behind a proxy server that reuses connections."
        ],
        "upstream_fix": "http-parser 2.9.3, nodejs 12.15.0, nodejs 10.19.0, nodejs 13.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15605\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15605\nhttps://nodejs.org/en/blog/vulnerability/february-2020-security-releases/"
        ],
        "name": "CVE-2019-15605",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.",
            "It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.",
        "upstream_fix": "ghostscript 9.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6116\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6116\nhttps://bugs.ghostscript.com/show_bug.cgi?id=700317"
        ],
        "name": "CVE-2019-6116",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3144"
        ],
        "name": "CVE-2014-3144",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.",
            "A flaw was found in the Linux kernel. On the PowerPC platform, KVM guest OS users can cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "kernel 5.14-4rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-37576\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-37576\nhttps://www.openwall.com/lists/oss-security/2021/07/26/1"
        ],
        "name": "CVE-2021-37576",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.",
            "A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell."
        ],
        "upstream_fix": "zsh 5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18205\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18205"
        ],
        "name": "CVE-2017-18205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6559\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6559"
        ],
        "name": "CVE-2014-6559",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",
            "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi (Lepidum) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0224\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0224\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0224",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-25T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.",
            "An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges."
        ],
        "statement": "This issue did not affect the versions of xorg-x11-server as shipped with Red Hat Enterprise Linux 5 and 6, as well as Red Hat Enterprise Linux 7 prior to 7.4, as they did not allow the use of vulnerable command line options when running with elevated privileges.\nThe default X server configuration in Red Hat Enterprise Linux only allows users logged in on the system's physical console to run Xorg X server. Therefore, users who only have remote access to the system (for example using SSH) cannot exploit this flaw.",
        "acknowledgement": "Red Hat would like to thank Narendra Shinde for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14665\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14665\nhttps://lists.x.org/archives/xorg-announce/2018-October/002927.html"
        ],
        "name": "CVE-2018-14665",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1836\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1836"
        ],
        "name": "CVE-2016-1836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12365\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12365\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12365"
        ],
        "name": "CVE-2018-12365",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.",
            "An out of bounds read flaw related to \"graphite2::Silf::readGraphite\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7774\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7774\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7774",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.",
            "A use-after-free flaw was found in the \"Remote Control\" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3693\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3693\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2014-3693"
        ],
        "name": "CVE-2014-3693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "A memory leak flaw was found in the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources, causing denial of service.",
            "A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "kernel 5.10-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25704\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25704\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00\nhttps://www.openwall.com/lists/oss-security/2020/11/09/1"
        ],
        "name": "CVE-2020-25704",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20534\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20534"
        ],
        "name": "CVE-2018-20534",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.",
            "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14651\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14651"
        ],
        "name": "CVE-2018-14651",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.",
            "A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user."
        ],
        "upstream_fix": "cloud-init 20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8632\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8632"
        ],
        "name": "CVE-2020-8632",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19662\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19662"
        ],
        "name": "CVE-2018-19662",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.",
            "An unrestricted stack memory use flaw was found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8158\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8158\nhttp://www.ocert.org/advisories/ocert-2015-001.html"
        ],
        "name": "CVE-2014-8158",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",
            "It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2178\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2178\nhttp://eprint.iacr.org/2016/594\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2178",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.",
            "An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session."
        ],
        "upstream_fix": "freeradius 3.0.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9148\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9148"
        ],
        "name": "CVE-2017-9148",
        "mitigation": {
            "value": "Disable TLS session caching in FreeRADIUS by setting \"enable = no\" in the cache subsection of EAP module settings, which are in /etc/raddb/mods-available/eap file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13396\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13396"
        ],
        "name": "CVE-2020-13396",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.",
            "An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThe affected code is present in esc and xulrunner, however esc has no support for audio, and xulrunner is limited to using only local content that an attacker can not control. These components are not impacted by this vulnerability.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "libvorbis 1.3.6, firefox 57.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5146\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5146\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-08"
        ],
        "name": "CVE-2018-5146",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 7.0.8-11, ImageMagick 6.9.10-11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16644\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16644"
        ],
        "name": "CVE-2018-16644",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2838\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2838\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-64.html"
        ],
        "name": "CVE-2016-2838",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.",
            "A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the \"-OQ\" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash."
        ],
        "statement": "This issue affects the versions of net-snmp as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3565\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3565"
        ],
        "name": "CVE-2014-3565",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.",
            "A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5352\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-5352",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.",
            "A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution."
        ],
        "upstream_fix": "icoutils 0.31.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5333\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5333"
        ],
        "name": "CVE-2017-5333",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",
            "A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P3, bind 9.9.8-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8704\nhttps://kb.isc.org/article/AA-01335"
        ],
        "name": "CVE-2015-8704",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-04T09:14:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.",
            "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
        ],
        "statement": "This vulnerability is rated Important when used in an IdM/IPA environment, where an ACI installed by default allows an authenticated attacker to use this flaw to retrieve the userPassword attribute of any user.",
        "acknowledgement": "Red Hat would like to thank Gerald Vogt (Deutsches Klimarechenzentrum) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14824\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14824\nhttps://pagure.io/389-ds-base/issue/50716"
        ],
        "name": "CVE-2019-14824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7574\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7574"
        ],
        "name": "CVE-2019-7574",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12378\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12378\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378"
        ],
        "name": "CVE-2018-12378",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10914\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10914"
        ],
        "name": "CVE-2018-10914",
        "mitigation": {
            "value": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.",
            "A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5970\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5970"
        ],
        "name": "CVE-2017-5970",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.",
            "An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7163\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7163"
        ],
        "name": "CVE-2016-7163",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.",
            "A flaw was found in the X11 dissector of wireshark that an attacker could use to make wireshark consume excessive CPU resources, which could make the system unresponsive, by injecting a specially crafted packet onto the wire or by convincing a wireshark user to read a malformed packet trace file."
        ],
        "upstream_fix": "wireshark 1.10.14, wireshark 1.12.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3812\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3812\nhttps://www.wireshark.org/security/wnpa-sec-2015-15.html"
        ],
        "name": "CVE-2015-3812",
        "mitigation": {
            "value": "This flaw can be mitigated in wireshark by disabling the X11 protocol dissector. In the wireshark GUI application, click on Analyze->Enabled Protocols, search for \"X11\" and disable it. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add \"X11\" to it. This should disable the X11 protocol.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.",
            "An off-by-one error has been discovered in libX11 in functions XGetFontPath(), XListExtensions(), and XListFonts(). An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption."
        ],
        "statement": "This issue did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.\nTo exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server run on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he already has full control of the system. If the X client runs on another system than the X server (e.g. DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only gain the privileges of the client, which should not be run with high privileges. For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14599"
        ],
        "name": "CVE-2018-14599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.",
            "A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9794"
        ],
        "name": "CVE-2016-9794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7993\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7993"
        ],
        "name": "CVE-2016-7993",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an \"httpoxy\" issue.",
            "It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5385\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5385"
        ],
        "name": "CVE-2016-5385",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-838",
        "details": [
            "LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings; typically, execution of macros is blocked by default. A URL decoding flaw existed in how the URLs to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings, allowing arbitrary macro execution. This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1."
        ],
        "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9853\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9853\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/"
        ],
        "name": "CVE-2019-9853",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.",
            "A divide by zero vulnerability has been discovered in libjpeg-turbo in alloc_sarray function of jmemmgr.c file. An attacker could use this vulnerability to cause a denial of service via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11212\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11212"
        ],
        "name": "CVE-2018-11212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9902\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9902\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9902"
        ],
        "name": "CVE-2016-9902",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.",
            "A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14493\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14493\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14493"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674->CWE-400",
        "details": [
            "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
        ],
        "upstream_fix": "openssl 1.1.0h, openssl 1.0.2o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0739\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0739\nhttps://www.openssl.org/news/secadv/20180327.txt"
        ],
        "name": "CVE-2018-0739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2436\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2436\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL"
        ],
        "name": "CVE-2014-2436",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "10.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-270",
        "details": [
            "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Coinbase Security as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11708\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11708\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708"
        ],
        "name": "CVE-2019-11708",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8976\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8976"
        ],
        "name": "CVE-2018-8976",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.",
            "A boundary check flaw was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could allow an untrusted Java application or applet to disclose portions of the Java Virtual Machine memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6585\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6585\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6585",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.",
            "A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 0.9.8zb, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3510\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3510\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3510",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16391\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16391\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16391",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address the issue.\nThis has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8543\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8543"
        ],
        "name": "CVE-2015-8543",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.",
            "A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user (\"root\") this can lead to a system panic and a denial of service or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18445\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18445"
        ],
        "name": "CVE-2018-18445",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
            "It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3167\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3167",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.",
            "It was found that the fix for CVE-2012-0818 was incomplete: external parameter entities were not disabled when the resteasy.document.expand.entity.references parameter was set to false. A remote attacker able to send XML requests to a RESTEasy endpoint could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks."
        ],
        "acknowledgement": "This issue was discovered by David Jorm (Red Hat Product Security).",
        "upstream_fix": "resteasy 3.0.9.Final, resteasy 2.3.8.SP1-redhat-1, resteasy 2.3.8.SP2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3490\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3490"
        ],
        "name": "CVE-2014-3490",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-835",
        "details": [
            "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19108\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19108"
        ],
        "name": "CVE-2018-19108",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5573\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5573\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5573",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
            "A flaw was found in the way the Hotspot garbage collector handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0395\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0395\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4517\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4517\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4517",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",
            "An assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5745\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5745\nhttps://kb.isc.org/docs/cve-2018-5745"
        ],
        "name": "CVE-2018-5745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.",
            "An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0634\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0634"
        ],
        "name": "CVE-2016-0634",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).",
            "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5547\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5547"
        ],
        "name": "CVE-2016-5547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8524\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8524"
        ],
        "name": "CVE-2019-8524",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/",
        "upstream_fix": "3.10.0 560.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2584\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2584"
        ],
        "name": "CVE-2017-2584",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.",
            "An improper input validation was found in function __zzip_fetch_disk_trailer of ZZIPlib, up to 0.13.68, that could lead to a crash in __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file."
        ],
        "upstream_fix": "zziplib 0.13.69",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7726\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7726"
        ],
        "name": "CVE-2018-7726",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.",
            "A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds().  An attacker can crash the system if they were able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11810\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11810"
        ],
        "name": "CVE-2019-11810",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response.",
            "A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2704"
        ],
        "name": "CVE-2015-2704",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6504\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6504\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6504",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Fraser Tweedale as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7792\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7792"
        ],
        "name": "CVE-2017-7792",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Felix Gröbert and Ivan Fratrić (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3470\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3470\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-3470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.",
            "A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. A local user could use this flaw to crash the system or potentially escalate their privileges."
        ],
        "statement": "The impact of this issue is Moderate, because attack is specific for certain Intel hardware and could be triggered only by local user with write access to the device.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-7053\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7053"
        ],
        "name": "CVE-2020-7053",
        "mitigation": {
            "value": "In case of dedicated graphic card presence and i915 GPU is not being used, you can prevent module i915 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jun Kokatsu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7830\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7830\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830"
        ],
        "name": "CVE-2017-7830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.",
            "A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality."
        ],
        "statement": "This issue affects the libsoup packages as shipped with Red Hat Enterprise Linux 7. However, these packages have been compiled with additional security mitigation techniques (\"stack smashing protection\"), which makes exploitation significantly harder. Thus, in most cases an exploitation attempt should be mitigated to a mere crash. However, successful exploitation to execute arbitrary code can't be ruled out entirely.",
        "acknowledgement": "Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.",
        "upstream_fix": "libsoup 2.59.90.1, libsoup 2.58.2, libsoup 2.56.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2885\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2885\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392"
        ],
        "name": "CVE-2017-2885",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.60, mariadb 10.1.33, mariadb 10.0.35, mariadb 10.2.15, mysql 5.7.22, mysql 5.6.40, mysql 5.5.60",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2817\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2817\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        ],
        "name": "CVE-2018-2817",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",
            "An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2632\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2632\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2632",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8536\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8536"
        ],
        "name": "CVE-2019-8536",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.68, mariadb 10.4.13, mariadb 10.3.23, mariadb 10.2.32, mariadb 10.1.45, mariadb-connector-c 3.1.8, mysql 5.6.48, mysql 5.7.28, mysql 8.0.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2752\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2752\nhttps://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL"
        ],
        "name": "CVE-2020-2752",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.",
            "A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service)."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8746\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8746"
        ],
        "name": "CVE-2015-8746",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."
        ],
        "upstream_fix": "kernel 4.17-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18690\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18690"
        ],
        "name": "CVE-2018-18690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8783\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8783\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8783",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.",
            "A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS."
        ],
        "upstream_fix": "libcdio 1.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18198"
        ],
        "name": "CVE-2017-18198",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-05-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-2139\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2139"
        ],
        "name": "CVE-2013-2139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex."
        ],
        "statement": "This issue affects the versions of texlive as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17407\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17407"
        ],
        "name": "CVE-2018-17407",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.",
            "A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux  7, MRG-2 and realtime and will be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4997\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4997"
        ],
        "name": "CVE-2016-4997",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.",
            "A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs."
        ],
        "upstream_fix": "mod_auth_openidc 2.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6059\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6059"
        ],
        "name": "CVE-2017-6059",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic.",
            "Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000407"
        ],
        "name": "CVE-2017-1000407",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter."
        ],
        "statement": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
        "upstream_fix": "python-urllib3 1.24.3, python-urllib3 1.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11236\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11236"
        ],
        "name": "CVE-2019-11236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site."
        ],
        "upstream_fix": "mailman 2.1.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13796\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13796"
        ],
        "name": "CVE-2018-13796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10135"
        ],
        "name": "CVE-2017-10135",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 10.0.22, mariadb 5.5.46, mysql 5.5.46, mysql 5.6.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4826\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4826\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4826",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.",
            "Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jed Davis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2834\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2834\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
        ],
        "name": "CVE-2016-2834",
        "mitigation": {
            "value": "Do not use NSS to parse untrusted certificates.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.11, mariadb 5.5.37, mysql 8.0.14, mysql 5.6.43, mysql 5.7.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2481\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2481\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        ],
        "name": "CVE-2019-2481",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.",
            "A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10713\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10713\nhttps://savannah.gnu.org/bugs/index.php?45990"
        ],
        "name": "CVE-2016-10713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1577\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1577\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-76.html"
        ],
        "name": "CVE-2014-1577",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Magnus Melin as the original reporter.",
        "upstream_fix": "thunderbird 68.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15646\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15646\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646"
        ],
        "name": "CVE-2020-15646",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.",
            "It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9576\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9576"
        ],
        "name": "CVE-2016-9576",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.",
            "A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6. \nRefer to https://access.redhat.com/node/2131021 for further information.",
        "acknowledgement": "Red Hat would like to thank the Perception Point research team for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0728\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0728\nhttps://access.redhat.com/node/2131021"
        ],
        "csaw": true,
        "name": "CVE-2016-0728"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8846\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8846\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8846",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",
            "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6302\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6302\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6302",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-908",
        "details": [
            "A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
            "A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10732\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10732"
        ],
        "name": "CVE-2020-10732",
        "mitigation": {
            "value": "Possible mitigation would be to disable core dumps system-wide by setting:\n* hard core 0\nIn the  /etc/security/limits.conf file and restarting applications/services/processes which users may have access to or simply reboot the system.  This disables core dumps which may not be a suitable workaround in your environment.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to cause a denial of service (integer overflow and stack-based buffer overflow) or possibly have unspecified other impact via large integers in a crafted printf function call in a SELECT statement.",
            "It was found that SQLite's sqlite3VXPrintf() function did not properly handle precision and width values during floating-point conversions. A local attacker could submit a specially crafted SELECT statement that would crash the SQLite process, or have other unspecified impacts."
        ],
        "upstream_fix": "SQLite 3.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3416\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3416"
        ],
        "name": "CVE-2015-3416",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer."
        ],
        "upstream_fix": "mariadb 5.5.43, mariadb 10.0.18, mysql 5.6.24, mysql 5.5.43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4757\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4757\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-4757",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An error within the \"leaf_hdr_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.",
            "A NULL pointer dereference vulnerability in internal/dcraw_common.cpp:leaf_hdr_load_raw() function was found in LibRaw. A user can cause a denial of service when processing specially-crafted RAW data."
        ],
        "statement": "This issue did not affect the versions of dcraw as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the vulnerable code.\nThis issue did not affect the versions of LibRaw as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.",
        "upstream_fix": "LibRaw 0.18.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5806\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5806"
        ],
        "name": "CVE-2018-5806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532->CWE-200",
        "details": [
            "A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.",
            "A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed."
        ],
        "statement": "This vulnerability exists in the server component of FreeIPA. Client packages are not affected.",
        "acknowledgement": "Red Hat would like to thank Jamison Bennett (Cloudera) for reporting this issue.",
        "upstream_fix": "FreeIPA 4.7.4, FreeIPA 4.6.7, FreeIPA 4.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10195\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10195\nhttps://www.freeipa.org/page/Releases/4.6.7\nhttps://www.freeipa.org/page/Releases/4.7.4\nhttps://www.freeipa.org/page/Releases/4.8.3"
        ],
        "name": "CVE-2019-10195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7499\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7499"
        ],
        "name": "CVE-2015-7499",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-476)",
        "details": [
            "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4342\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4342"
        ],
        "name": "CVE-2014-4342",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Lee of Kryptos Logic as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18494\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18494\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494"
        ],
        "name": "CVE-2018-18494",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the values of the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.",
            "An out-of-bounds access issue was found in the way the Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein the values of the write indices 'ring->first' and 'ring->last' could be supplied by a host user-space process. An unprivileged host user or process with access to the '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system."
        ],
        "statement": "This issue requires unprivileged users to have access to '/dev/kvm' device. So restricting access to '/dev/kvm' device to known trusted users could limit its exploitation by untrusted users/processes.",
        "acknowledgement": "Red Hat would like to thank Matt Delco (Google.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14821"
        ],
        "name": "CVE-2019-14821",
        "mitigation": {
            "value": "Restrict access to the '/dev/kvm' device to trusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",
            "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Ari Kauppi for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7895\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7895"
        ],
        "name": "CVE-2017-7895",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "KDE Okular before 1.10.0 allows code execution via an action link in a PDF document."
        ],
        "upstream_fix": "okular 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-9359\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9359\nhttps://kde.org/info/security/advisory-20200312-1.txt"
        ],
        "name": "CVE-2020-9359",
        "mitigation": {
            "value": "There is no available mitigation other than not opening PDF files from untrusted sources.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error.",
            "A flaw was found in libssh2. A server could send multiple keyboard interactive response messages whose total length is greater than the unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error. The highest threat from this vulnerability is to data confidentiality and integrity and system availability."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3863\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3863\nhttps://www.libssh2.org/CVE-2019-3863.html"
        ],
        "name": "CVE-2019-3863",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-200",
        "details": [
            "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.",
            "An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords."
        ],
        "acknowledgement": "This issue was discovered by Petr Špaček (Red Hat Identity Management Engineering Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8105\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8105"
        ],
        "name": "CVE-2014-8105",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the \"use of privileged annotations.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2483\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2483\nhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2483",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.",
            "A vulnerability was found in libarchive. A specially crafted zip file can provide an incorrect compressed size, which may allow an attacker to place arbitrary code on the heap and execute it in the context of the application."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1541\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1541\nhttp://www.kb.cert.org/vuls/id/862384"
        ],
        "name": "CVE-2016-1541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5485\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5485"
        ],
        "name": "CVE-2017-5485",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack."
        ],
        "acknowledgement": "Red Hat would like to thank chenyuan (NESA Lab) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10767\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10767"
        ],
        "name": "CVE-2018-10767",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.",
            "A flaw was found in freerdp in versions before 2.0.0-rc4. An integer overflow that leads to a heap-based buffer overflow in the gdi_Bitmap_Decompress() function leads to memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8787\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8787"
        ],
        "name": "CVE-2018-8787",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.",
            "An improper permission check issue was discovered in the JAX-WS component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0412\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0412\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0412",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-12-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327->CWE-201",
        "details": [
            "Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.",
            "It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "subversion 1.7.18, subversion 1.8.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3528\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3528\nhttp://subversion.apache.org/security/CVE-2014-3528-advisory.txt"
        ],
        "name": "CVE-2014-3528",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8673\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8673\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8673",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Joshua Drake as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4496\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4496\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-93.html"
        ],
        "name": "CVE-2015-4496",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2h, openssl 1.0.1t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2106\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2106\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2106",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit 2f084136cfe0d05e5bf5703f3e83c6d955234b4d."
        ],
        "statement": "This issue affects versions of libmspack as shipped with Red Hat Enterprise Linux 7 and 8. This flaw was rated as having a Low security impact by the Red Hat Product Security Team.",
        "upstream_fix": "libmspack 0.10alpha",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1010305\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010305"
        ],
        "name": "CVE-2019-1010305",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A maliciously constructed svn+ssh:// URL would cause Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3 to run an arbitrary shell command. Such a URL could be generated by a malicious server, by a malicious user committing to an honest server (to attack another user of that server's repositories), or by a proxy server. The vulnerability affects all clients, including those that use file://, http://, and plain (untunneled) svn://.",
            "A shell command injection flaw related to the handling of \"svn+ssh\" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a \"checkout\" or \"update\" action on a malicious repository, or a legitimate repository containing a malicious commit."
        ],
        "acknowledgement": "Red Hat would like to thank the Subversion Team for reporting this issue.",
        "upstream_fix": "subversion 1.9.7, subversion 1.8.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9800\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9800\nhttps://subversion.apache.org/security/CVE-2017-9800-advisory.txt"
        ],
        "name": "CVE-2017-9800",
        "mitigation": {
            "value": "There are various methods available to mitigate this issue. For further information, please refer to the Subversion advisory available at:\nhttps://subversion.apache.org/security/CVE-2017-9800-advisory.txt",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.",
            "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones."
        ],
        "statement": "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Daniel Stenberg (curl upstream) for reporting this issue. Upstream acknowledges Isaac Boukris as the original reporter.",
        "upstream_fix": "curl 7.42.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3148\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3148\nhttp://curl.haxx.se/docs/adv_20150422B.html"
        ],
        "name": "CVE-2015-3148",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.",
            "It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption being enabled."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6593\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6593\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6593",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196926917. References: Upstream kernel",
            "A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers. In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system.\nA read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 5.14 rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-0920\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-0920\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca"
        ],
        "name": "CVE-2021-0920",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path; the flaw was introduced in upstream version 3.10.0 and fixed in libvirt 6.0.0. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.",
            "A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service."
        ],
        "statement": "Versions of `libvirt` as shipped with Red Hat Enterprise Linux 5 and 6 are marked as \"notaffected\" as they do not include the vulnerable code, which was introduced in a later version of the package. Specifically, the affected internal function `storagePoolLookupByTargetPathCallback` was introduced in `libvirt` upstream version v3.10.0, whereas the `virStoragePoolLookupByTargetPath` method was exported as a public API in version 4.1.0.",
        "acknowledgement": "This issue was discovered by Han Han (Red Hat).",
        "upstream_fix": "libvirt 6.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10703\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10703"
        ],
        "name": "CVE-2020-10703",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0480\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0480",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2786\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2786"
        ],
        "name": "CVE-2019-2786",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10116"
        ],
        "name": "CVE-2017-10116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.0.37, mariadb 10.1.36, mariadb 10.2.18, mariadb 10.3.10, mariadb 5.5.62, mysql 8.0.14, mysql 5.6.43, mysql 5.7.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2503\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2503\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        ],
        "name": "CVE-2019-2503",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)."
        ],
        "upstream_fix": "mariadb 10.0.30, mariadb 10.2.5, mariadb 5.5.55, mariadb 10.1.22, mysql 5.6.35, mysql 5.5.54, mysql 5.7.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3313\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3313\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixMSQL"
        ],
        "name": "CVE-2017-3313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10165\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10165"
        ],
        "name": "CVE-2016-10165",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11042\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11042"
        ],
        "name": "CVE-2020-11042",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.",
            "A security flaw was found in the Linux kernel in which an attempt to move a page mapped by the AIO ring buffer to the other node triggers a NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "acknowledgement": "This issue was discovered by Jan Stancek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3070\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3070"
        ],
        "name": "CVE-2016-3070",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"extract_icons\" function in the \"extract.c\" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash.",
            "A vulnerability was found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution."
        ],
        "upstream_fix": "icoutils 0.31.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6010\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6010"
        ],
        "name": "CVE-2017-6010",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that \"goes behind\" the surrounding tag."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5845\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5845"
        ],
        "name": "CVE-2017-5845",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-25T08:29:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.",
            "A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote device's country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank ADLab of Venustech for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14895\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14895\nhttps://www.openwall.com/lists/oss-security/2019/11/22/2"
        ],
        "name": "CVE-2019-14895",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerri Rice as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5390\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5390\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390"
        ],
        "name": "CVE-2017-5390",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument."
        ],
        "statement": "This issue did not affect the versions of python-urllib3 as shipped with Red Hat Enterprise Linux 6, and 7 as the older code shipped there did not load the system certificates.\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected Critical and Important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
        "upstream_fix": "urllib3 1.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11324\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11324\nhttps://www.openwall.com/lists/oss-security/2019/04/17/3"
        ],
        "name": "CVE-2019-11324",
        "mitigation": {
            "value": "The urllib3 package is used by elastic-curator, which is deployed in the ose-logging-curator, and used by the optional logging feature in OpenShift Container Platform (OCP). Therefore OCP 3.11 users can mitigate this issue by not deploying and using the Curator logging feature. \nIn OCP 4 urllib3 is also used by several Ansible Play Book images built with the Operator SDK and available for installation in OCP 4 including openshift-enterprise-ansible-operator and ose-metering-ansible-operator. Therefore those operators should not be deployed in order to mitigate this issue in OCP 4.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822->CWE-125",
        "details": [
            "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.",
            "An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0286\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0286",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.65, mariadb 10.1.41, mariadb 10.4.7, mariadb 10.3.17, mariadb 10.2.26, mysql 5.6.45, mysql 5.7.27, mysql 8.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2805\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        ],
        "name": "CVE-2019-2805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231.",
            "A flaw was discovered in the way PHP performed object unserialization. Specially crafted input processed by the unserialize() function could cause a PHP application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "PHP 5.5.23, PHP 5.4.39, PHP 5.6.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2787\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2787"
        ],
        "name": "CVE-2015-2787",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14577\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14577"
        ],
        "name": "CVE-2020-14577",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-125",
        "details": [
            "Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx."
        ],
        "statement": "This is unlikely to be an issue in a real world scenario, as it requires specially crafted Hunspell dictionaries, which are not shipped with Red Hat Enterprise Linux. Additionally, applications using Hunspell will likely filter out invalid input before passing it on, which further limits the impact.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16707"
        ],
        "name": "CVE-2019-16707",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-200",
        "details": [
            "An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element."
        ],
        "upstream_fix": "plasma-workspace 5.12.0, plasma-workspace 5.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6790\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6790\nhttps://www.kde.org/info/security/advisory-20180208-1.txt"
        ],
        "name": "CVE-2018-6790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image.",
            "An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application."
        ],
        "upstream_fix": "php 5.4.37, php 5.5.21, php 5.6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0232\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0232"
        ],
        "name": "CVE-2015-0232",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \" (double quote), (2) \\ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.",
            "A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Nathan Bossart as the original reporter.",
        "upstream_fix": "postgresql 9.3.14, postgresql 9.5.4, postgresql 9.2.18, postgresql 9.1.23, postgresql 9.4.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5424\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5424"
        ],
        "name": "CVE-2016-5424",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in GNU libcdio before 2.0.0. There is a double free in get_cdtext_generic() in lib/driver/_cdio_generic.c.",
            "A double-free flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files."
        ],
        "upstream_fix": "libcdio 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18201\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18201\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887640"
        ],
        "name": "CVE-2017-18201",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000076\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000076\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000076",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 1.0.0n, openssl 0.9.8zb, openssl 1.0.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3505\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3505\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3505",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue.",
            "A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.",
        "upstream_fix": "nss 3.19.2.1, nss 3.20.1, nss 3.19.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7181\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7181\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7181",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7213\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7213\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-146.html"
        ],
        "name": "CVE-2015-7213",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3687\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3687"
        ],
        "name": "CVE-2014-3687",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.",
            "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Stefano Brivio (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7558\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7558"
        ],
        "name": "CVE-2017-7558",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",
            "An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0483\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0483\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0483",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2625\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2625",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
            "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20676\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20676"
        ],
        "name": "CVE-2018-20676",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8819\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8819\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8819",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.",
            "An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "upstream_fix": "libvirt 4.2.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1064\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1064\nhttps://security.libvirt.org/2018/0004.html"
        ],
        "name": "CVE-2018-1064",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9898\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9898\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9898"
        ],
        "name": "CVE-2016-9898",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file."
        ],
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2116\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2116"
        ],
        "name": "CVE-2016-2116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest."
        ],
        "statement": "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Future kernel updates may address this issue.\nThis issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6. The risks associated with fixing this bug are greater than its security impact. This issue is not currently planned to be addressed in future kernel updates for Red Hat Enterprise Linux 6.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3647\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3647"
        ],
        "name": "CVE-2014-3647",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.",
            "A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2730\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2730\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
        ],
        "name": "CVE-2015-2730",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11709\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11709\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709"
        ],
        "name": "CVE-2019-11709",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4485\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4485\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-89.html"
        ],
        "name": "CVE-2015-4485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.",
            "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 due to a missing commit ( bb646cdb12e75d82258c2f2e7746d5952d3e321a ) which enabled changed system behavior.\nThis issue does affect Red Hat Enteprise Linux 7 and MRG-2 kernels. A future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Paul Moore (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2618\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2618"
        ],
        "name": "CVE-2017-2618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.",
            "A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6052\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6052"
        ],
        "name": "CVE-2014-6052",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.",
            "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.",
        "upstream_fix": "bootstrap 4.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8331\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8331"
        ],
        "name": "CVE-2019-8331",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).",
            "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges."
        ],
        "statement": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6454"
        ],
        "name": "CVE-2019-6454",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command."
        ],
        "upstream_fix": "jasper 1.900.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8690\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8690"
        ],
        "name": "CVE-2016-8690",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3183"
        ],
        "name": "CVE-2018-3183",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-203",
        "details": [
            "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.",
            "It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.",
        "acknowledgement": "Red Hat would like to thank Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting this issue.",
        "upstream_fix": "kernel 4.4.18, kernel 4.7.1, kernel 4.6.7, kernel 3.14.76",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5696\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5696\nhttp://lwn.net/Articles/696868/"
        ],
        "csaw": true,
        "name": "CVE-2016-5696"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "firefox 65.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18511\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18511"
        ],
        "name": "CVE-2018-18511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.",
            "A flaw was found in which the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system."
        ],
        "statement": "This issue is not present in the Linux kernel packages as shipped with Red Hat Enterprise Linux versions 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by CAI Qian (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6198\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6198"
        ],
        "name": "CVE-2016-6198",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122",
        "details": [
            "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)"
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Zhaoyang Wu as the original reporter.",
        "upstream_fix": "curl 7.61.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14618\nhttps://curl.haxx.se/docs/CVE-2018-14618.html"
        ],
        "name": "CVE-2018-14618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-426",
        "details": [
            "automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.",
            "It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of autofs package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Georgia Institute (Technology) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8169\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8169"
        ],
        "name": "CVE-2014-8169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.",
            "It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6489\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6489"
        ],
        "name": "CVE-2016-6489",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.",
            "A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11190\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11190"
        ],
        "name": "CVE-2019-11190",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.",
            "A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service."
        ],
        "upstream_fix": "ntp 4.2.8p9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9311\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9311\nhttp://support.ntp.org/bin/view/Main/NtpBug3119"
        ],
        "name": "CVE-2016-9311",
        "mitigation": {
            "value": "Use \"restrict default noquery ...\" in your ntp.conf file. Only allow mode 6 queries from trusted networks and hosts.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-667",
        "details": [
            "The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.",
            "A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls."
        ],
        "acknowledgement": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering).",
        "upstream_fix": "kernel 5.0.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11599\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11599"
        ],
        "name": "CVE-2019-11599",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3272\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3272"
        ],
        "name": "CVE-2017-3272",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free."
        ],
        "upstream_fix": "webkitgtk 2.20.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4200\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4200"
        ],
        "name": "CVE-2018-4200",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.",
            "A vulnerability was found in libarchive.  A specially crafted AR archive could cause the application to read a single byte of application memory, potentially disclosing it to the attacker."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8920\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8920"
        ],
        "name": "CVE-2015-8920",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string that is mishandled by a \"Python script text executable\" rule."
        ],
        "upstream_fix": "php 5.5.24, php 5.6.8, php 5.4.40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4605\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4605"
        ],
        "name": "CVE-2015-4605",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aaron Klotz, Bob Clary, Byron Campen, Christian Holler, Cristian Brindusan, Honza Bambas, Iain Ireland, Jason Kratzer, Steve Fink, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11764\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764"
        ],
        "name": "CVE-2019-11764",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().",
            "A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report errors when unsetting the option, which prevented users from handling them as the documentation recommended. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "zsh 5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20044\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20044\nhttp://zsh.sourceforge.net/releases.html"
        ],
        "name": "CVE-2019-20044",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
        ],
        "statement": "This issue affects the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13345\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13345"
        ],
        "name": "CVE-2019-13345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8595\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8595\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8595",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10074"
        ],
        "name": "CVE-2017-10074",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-125",
        "details": [
            "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.",
            "A vulnerability was found in libarchive.  A specially crafted MTREE file could cause a limited out-of-bounds read, potentially disclosing contents of application memory."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8928\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8928"
        ],
        "name": "CVE-2015-8928",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-494",
        "details": [
            "File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges François Marier as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7814\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7814\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814"
        ],
        "name": "CVE-2017-7814",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.",
            "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module."
        ],
        "statement": "After updating the glibc package on affected systems, it is strongly recommended to reboot the system or restart all the affected services. For more information please refer to: https://access.redhat.com/articles/2161461",
        "acknowledgement": "This issue was discovered by Google Security Team and Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7547\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7547\nhttps://access.redhat.com/articles/2161461"
        ],
        "csaw": true,
        "name": "CVE-2015-7547"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.",
            "An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket from being made."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Gopal Reddy Kodudula (Nokia Siemens Networks) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4667\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4667"
        ],
        "name": "CVE-2014-4667",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.",
            "A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14492\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14492\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14492"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10018\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10018"
        ],
        "name": "CVE-2020-10018",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.",
            "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9079\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9079\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079"
        ],
        "name": "CVE-2016-9079",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.",
            "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5554\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5554",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9820\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9820\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820"
        ],
        "name": "CVE-2019-9820",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in libjpeg 9a. The get_text_gray_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.",
            "An out-of-bound read vulnerability has been discovered in libjpeg-turbo when reading one row of pixels of a PGM file. An attacker could use this flaw to crash the application and cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11213\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11213"
        ],
        "name": "CVE-2018-11213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5735\nhttps://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html"
        ],
        "name": "CVE-2017-5735",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2842"
        ],
        "name": "CVE-2019-2842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.",
            "It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default."
        ],
        "upstream_fix": "tomcat 7.0.50, tomcat 6.0.39, tomcat 8.0.0-rc10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4322\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4322"
        ],
        "name": "CVE-2013-4322",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel",
            "A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
        ],
        "upstream_fix": "kernel-rt-3.10.0 1160.57.1.rt56.1198.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0466"
        ],
        "name": "CVE-2020-0466",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-327|CWE-757)",
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.",
            "It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method."
        ],
        "statement": "This issue affects versions of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7. Errata have been released to correct this issue.\nThis issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the openssl098e component in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 0.9.8zd, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0204\nhttps://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204/\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0204",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5472\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5472\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472"
        ],
        "name": "CVE-2017-5472",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
            "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "acknowledgement": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16884\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16884"
        ],
        "name": "CVE-2018-16884",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gregory Smiley (Security Compass) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11712\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11712\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712"
        ],
        "name": "CVE-2019-11712",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.",
            "An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "upstream_fix": "Kernel 6.5-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3611\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3611\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64"
        ],
        "name": "CVE-2023-3611",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278  \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "upstream_fix": "mariadb 10.0.33, mariadb 5.5.58, mariadb 10.2.10, mariadb 10.1.29, mysql 5.7.20, mysql 5.6.38, mysql 5.5.58",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10268\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10268\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL"
        ],
        "name": "CVE-2017-10268",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.",
            "A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack."
        ],
        "statement": "The samba4 package in Red Hat Enterprise Linux 6, is a tech preview and by default uses the SMB1 protocol, therefore though affected by this flaw, will not be addressed in a security update.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.4.16, samba 4.5.14, samba 4.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12151\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12151\nhttps://www.samba.org/samba/security/CVE-2017-12151.html"
        ],
        "name": "CVE-2017-12151",
        "mitigation": {
            "value": "Keep the default of \"client max protocol = NT1\".",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-31T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server."
        ],
        "statement": "An authenticated user can cause subversion server (svnserve) process to crash by sending  a well-formed read-only request which produces a particular answer. Exploitation results in denial of service by crashing an svnserve process. The impact of this differs depending on how svnserve is launched, including the different run modes selected by options such as \"svnserve -d\", \"svnserve -T -d\", \"svnserve -t\", and \"svnserve -i\". mod_dav_svn is not affected by this flaw.",
        "acknowledgement": "Red Hat would like to thank the Subversion project (Apache Software Foundation) for reporting this issue. Upstream acknowledges Ace Olszowka (Build Master at Computers Unlimited) as the original reporter.",
        "upstream_fix": "subversion 1.12.2, subversion 1.9.12, subversion 1.10.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11782\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11782\nhttps://subversion.apache.org/security/CVE-2018-11782-advisory.txt"
        ],
        "name": "CVE-2018-11782",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted JPEG image with TIFF thumbnail data that is improperly handled by the exif_thumbnail function.",
            "A buffer overflow flaw was found in the Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_thumbnail() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application."
        ],
        "upstream_fix": "php 5.5.18, php 5.4.34, php 5.6.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3670\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3670"
        ],
        "name": "CVE-2014-3670",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions",
            "It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "python 3.2.6, python 3.4.0, python 3.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-1752\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1752"
        ],
        "name": "CVE-2013-1752",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
            "A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."
        ],
        "upstream_fix": "kernel-3.10.0 862.1.1.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1068\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1068"
        ],
        "name": "CVE-2018-1068",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-284",
        "details": [
            "In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components."
        ],
        "upstream_fix": "dovecot 2.2.36.3, dovecot 2.3.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7524\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7524\nhttps://dovecot.org/list/dovecot-news/2019-March/000403.html"
        ],
        "name": "CVE-2019-7524",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2798"
        ],
        "name": "CVE-2018-2798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-787|CWE-119)",
        "details": [
            "In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
            "An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9454"
        ],
        "name": "CVE-2019-9454",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10689\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10689"
        ],
        "name": "CVE-2018-10689",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key."
        ],
        "upstream_fix": "mariadb 10.0.16, mariadb 5.5.41, mysql 5.5.41, mysql 5.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0374\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0374\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0374",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.",
            "An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13093\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13093"
        ],
        "name": "CVE-2018-13093",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-369",
        "details": [
            "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command."
        ],
        "upstream_fix": "jasper 1.900.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8691\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8691"
        ],
        "name": "CVE-2016-8691",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
            "The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7645\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7645"
        ],
        "name": "CVE-2017-7645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.",
            "A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9725\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9725\nhttps://source.android.com/security/bulletin/2017-09-01"
        ],
        "name": "CVE-2017-9725",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free can occur when events are fired for a \"FontFace\" object after the object has already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5402\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5402\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402"
        ],
        "name": "CVE-2017-5402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
        ],
        "upstream_fix": "gdk-pixbuf 2.36.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2862\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2862\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
        ],
        "name": "CVE-2017-2862",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.",
            "A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14653\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14653"
        ],
        "name": "CVE-2018-14653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).",
            "A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service."
        ],
        "statement": "This issue affects the version of the libvirt package as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future libvirt updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue.\nRed Hat Enterprise Linux version 5 and 6 are in Maintenance Support 2 Phase of the life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of the Red Hat Enterprise Linux version 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Eric Blake (Red Hat Inc.).",
        "upstream_fix": "libvirt 6.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20485\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20485"
        ],
        "name": "CVE-2019-20485",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files to the builtin PDF14 converter could use a use-after-free in copydevice handling to crash the interpreter or possibly have unspecified other impact.",
            "It was discovered that the ghostscript PDF14 compositor did not properly handle the copying of a device. An attacker could possibly exploit this to bypass the -dSAFER protection and crash ghostscript or, possibly, execute arbitrary code in the ghostscript context via a specially crafted PostScript document."
        ],
        "statement": "This issue affects the versions of ghostscript as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16540\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16540\nhttps://www.artifex.com/news/ghostscript-security-resolved/\nhttps://www.kb.cert.org/vuls/id/332928"
        ],
        "name": "CVE-2018-16540",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.",
            "Undefined behavior (invalid left shift) was discovered in libarchive, in how Compress streams are identified.  This could cause certain files to be mistakenly identified as Compress archives and fail to read."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8932\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8932"
        ],
        "name": "CVE-2015-8932",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
            "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support."
        ],
        "statement": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.2i, openssl 1.1.0a, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6304\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6304\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6304",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.",
            "A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8485\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8485"
        ],
        "name": "CVE-2014-8485",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.",
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash."
        ],
        "statement": "This issue affects version 219-62 of systemd as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3815"
        ],
        "name": "CVE-2019-3815",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brandon Wieser as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9790\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9790\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790"
        ],
        "name": "CVE-2019-9790",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the \"|\" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.",
            "It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module."
        ],
        "statement": "This issue affects the versions of ruby as shipped with Red Hat Subscription Asset Manager 1 and CloudForms 5. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "ruby 2.2.9, ruby 2.4.3, ruby 2.5.0, ruby 2.3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17405\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17405\nhttps://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/"
        ],
        "name": "CVE-2017-17405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.",
            "It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client."
        ],
        "acknowledgement": "Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3698\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3698"
        ],
        "name": "CVE-2016-3698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-787)",
        "details": [
            "Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder.",
            "An out-of-bounds write flaw was found in the way Chrony stored certain addresses when configuring NTP or cmdmon access. An attacker that has the command key and is allowed to access cmdmon (only localhost is allowed by default) could use this flaw to crash chronyd or, possibly, execute arbitrary code with the privileges of the chronyd process."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1821\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1821"
        ],
        "name": "CVE-2015-1821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"server signing = mandatory\" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.",
            "It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.4.1, samba 4.3.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2114\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2114\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2114",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-787|CWE-125)",
        "details": [
            "A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. This issue only affects Red Hat SDL packages, SDL versions through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow flaw while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code.",
            "A flaw was found with the RHSA-2019:3950 erratum, where it did not fix the CVE-2019-13616 SDL vulnerability. A heap-based buffer overflow flaw, in SDL while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image, is possible. An application that uses SDL to parse untrusted input files may be vulnerable to this flaw, which could allow an attacker to make the application crash or execute code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14906\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14906"
        ],
        "name": "CVE-2019-14906",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5432\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5432\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5432"
        ],
        "name": "CVE-2017-5432",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.",
            "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.\nThe flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG 2.x. This issue has been rated as having Moderate security impact. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Eyal Itkin for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8633\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8633"
        ],
        "name": "CVE-2016-8633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25684\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25684\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25684",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default).\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.",
            "A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition (DTD) may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or potentially lead to arbitrary code execution."
        ],
        "upstream_fix": "xerces-c 3.2.3, xerces-c 3.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1311\nhttps://marc.info/?l=xerces-c-users&m=157653840106914&w=2"
        ],
        "name": "CVE-2018-1311",
        "mitigation": {
            "value": "Disable DTD processing by setting the environment variable `XERCES_DISABLE_DTD=1`. Please note that this feature was introduced in xerces-c upstream version 3.1.4 and is not available in older versions. The versions of xerces-c as shipped with Red Hat Enterprise Linux 6 and 7 did not include this feature.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",
            "A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management use the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistentManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability cannot be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\nRed Hat Satellite does not ship Tomcat and rather uses its configuration. The product is not affected because the configuration does not make use of PersistenceManager or FileStore. Tomcat updates can be obtained from Red Hat Enterprise Linux (RHEL) RHSA.",
        "upstream_fix": "tomcat 7.0.104, tomcat 8.5.55, tomcat 9.0.35, tomcat 10.0.0-M5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-9484\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9484\nhttp://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E\nhttp://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35"
        ],
        "name": "CVE-2020-9484",
        "mitigation": {
            "value": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized.  For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.",
            "A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper (the OpenSSL development team) and Sean Burford (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.0r, openssl 1.0.1m, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0293\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0293\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of the GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repeatedly, resulting in memory exhaustion of the glusterfs server node.",
            "A flaw was found in glusterfs server which allowed repeated usage of the GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repeatedly, resulting in memory exhaustion of the glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14660\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14660"
        ],
        "name": "CVE-2018-14660",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3533\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3533\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3533",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.",
            "A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15217\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15217"
        ],
        "name": "CVE-2019-15217",
        "mitigation": {
            "value": "To mitigate this issue, prevent module zr364xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related to \"type confusion\" issues in (1) ArrayObject and (2) SPLObjectStorage.",
            "A type confusion issue was found in the SPL ArrayObject and SPLObjectStorage classes' unserialize() method. A remote attacker able to submit specially crafted input to a PHP application, which would then unserialize this input using one of the aforementioned methods, could use this flaw to execute arbitrary code with the privileges of the user running that PHP application."
        ],
        "statement": "This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "php 5.3.29, php 5.5.14, php 5.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3515\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3515"
        ],
        "name": "CVE-2014-3515",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.",
            "A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto()."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is planned to be addressed in future updates.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8399\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8399"
        ],
        "name": "CVE-2016-8399",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.",
            "A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time."
        ],
        "upstream_fix": "php 5.6.9, php 5.4.41, php 5.5.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4024\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4024"
        ],
        "name": "CVE-2015-4024",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a \"Negative-size-param\" condition."
        ],
        "upstream_fix": "libtiff 4.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17546\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17546"
        ],
        "name": "CVE-2019-17546",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.",
            "A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7117\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7117"
        ],
        "name": "CVE-2016-7117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.",
            "A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9447\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9447\nhttps://scarybeastsecurity.blogspot.cz/2016/11/0day-exploit-compromising-linux-desktop.html"
        ],
        "name": "CVE-2016-9447",
        "mitigation": {
            "value": "sudo rm /usr/lib*/gstreamer-0.10/libgstnsf.so\nPlease note that this mitigation deletes the vulnerable NSF codec file, which removes the functionality to play Nintendo NSF music files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Stephan Lauffer as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6795\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6795\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795"
        ],
        "name": "CVE-2020-6795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.",
            "A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Bas Venis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4498\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4498\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-95.html"
        ],
        "name": "CVE-2015-4498",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-16T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
        ],
        "statement": "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview, and it is therefore unsupported for production use. For additional details, please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.",
        "acknowledgement": "This issue was discovered by Maxim Levitsky (Red Hat).",
        "upstream_fix": "kernel 5.14-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3653\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3653\nhttps://www.openwall.com/lists/oss-security/2021/08/16/1"
        ],
        "name": "CVE-2021-3653",
        "mitigation": {
            "value": "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed). This affects Linux kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010).",
            "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult."
        ],
        "statement": "This is a kernel-side mitigation. For a related glibc mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000366 .",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000364\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000364\nhttps://access.redhat.com/security/vulnerabilities/stackguard\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000364"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3550\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3550\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3550",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes.",
            "A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10929\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10929"
        ],
        "name": "CVE-2018-10929",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes:  \n1. The gluster server should be on a LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\nCaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).",
            "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5552\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5552"
        ],
        "name": "CVE-2016-5552",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6251\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6251"
        ],
        "name": "CVE-2019-6251",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
        ],
        "upstream_fix": "freeradius 3.0.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11234\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11234"
        ],
        "name": "CVE-2019-11234",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2412\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2412\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2412",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.",
            "Undefined behavior (signed integer overflow) was discovered in libarchive, in the ISO parser.  A crafted file could potentially cause denial of service."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5844\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5844"
        ],
        "name": "CVE-2016-5844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.",
            "The use of uninitialized memory related to \"graphite2::GlyphCache::Loader::read_glyph\" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7777\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7777\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7777",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.",
            "It was found that Polkit's CheckAuthorization and RegisterAuthenticationAgent D-Bus calls did not validate the client provided UID. A specially crafted program could use this flaw to submit arbitrary UIDs, triggering various denial of service or minor disclosures, such as which authentication is cached in the victim's session."
        ],
        "upstream_fix": "polkit 0.116",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1116\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1116"
        ],
        "name": "CVE-2018-1116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.",
            "A vulnerability was found in the Linux kernel’s CX24116 tv-card driver, where an out of bounds read occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. An attacker could use this flaw to leak kernel private information to userspace."
        ],
        "statement": "This flaw requires a Conexant CX24116 series TV-media card to be in the system for this driver to load.  This flaw is when an attacker attempts to use the card to communicate with a satellite tv control subsystem ( via Digital Satellite Equipment Control command) by issuing a specially crafted ioctl to the device.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9289"
        ],
        "name": "CVE-2015-9289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.68, mariadb 10.4.13, mariadb 10.3.23, mariadb 10.2.32, mariadb 10.1.45, mysql 5.6.48, mysql 5.7.30, mysql 8.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2812\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2812\nhttps://www.oracle.com/security-alerts/cpuapr2020.html"
        ],
        "name": "CVE-2020-2812",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.",
            "It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvar (Red Hat).",
        "upstream_fix": "ntp 4.2.8p7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1548\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1548\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security\nhttp://www.talosintel.com/reports/TALOS-2016-0082/"
        ],
        "name": "CVE-2016-1548",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can malicious repositories to modify files outside the repository",
            "A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository."
        ],
        "acknowledgement": "Red Hat would like to thank the Mercurial Security Team for reporting this issue.",
        "upstream_fix": "mercurial 4.2.3, mercurial 4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000115\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000115\nhttps://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.2F_4.3.1_.282017-08-10.29"
        ],
        "name": "CVE-2017-1000115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188.",
            "A flaw was found in WCP dissector of wireshark of which an attacker could crash wireshark by injecting a specially crafted packet onto the wire or by convincing wireshark user to read malformed packet trace file."
        ],
        "upstream_fix": "wireshark 1.10.14, wireshark 1.12.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3811\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3811\nhttps://www.wireshark.org/security/wnpa-sec-2015-14.html"
        ],
        "name": "CVE-2015-3811",
        "mitigation": {
            "value": "This flaw can be mitigated in wireshark by disabling the WCP protocol dissector. In wireshark GUI application click on Analyze->Enabled Protocols and search for \"WCP\" and disable in. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally .wireshark folder in the home directory of the user running wireshark) and add \"WCP\" to it. This should disable the WCP protocol.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.",
            "A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Michael Hanselmann as the original reporter.",
        "upstream_fix": "samba 4.11.2, samba 4.10.10, samba 4.9.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10218\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10218\nhttps://www.samba.org/samba/security/CVE-2019-10218.html"
        ],
        "name": "CVE-2019-10218",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2016-6664.  Reason: This candidate is a reservation duplicate of CVE-2016-6664.  Notes: All CVE users should reference CVE-2016-6664 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage",
            "A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root."
        ],
        "upstream_fix": "mysql 5.5.52, mysql 5.6.33, mysql 5.7.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5617\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5617\nhttps://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.txt"
        ],
        "name": "CVE-2016-5617",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name of an existing file.",
            "A use-after-free flaw was found in PHP's phar (PHP Archive) paths implementation. A malicious script author could possibly use this flaw to disclose certain portions of server memory."
        ],
        "upstream_fix": "php 5.5.22, php 5.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2301\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2301"
        ],
        "name": "CVE-2015-2301",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.",
            "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL."
        ],
        "statement": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1927\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1927\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1927",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11712\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11712"
        ],
        "name": "CVE-2018-11712",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191->CWE-787",
        "details": [
            "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
            "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 6.6-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-42753\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42753\nhttps://seclists.org/oss-sec/2023/q3/216"
        ],
        "name": "CVE-2023-42753",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL."
        ],
        "upstream_fix": "mariadb 10.1.8, mariadb 5.5.46, mariadb 10.0.22, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4815\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4815\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4815",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.",
            "It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6512\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6512\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6512",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-190)",
        "details": [
            "The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().",
            "Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Moderate security impact. These issues may be fixed in a future minor release of Red Hat Enterprise Linux 7. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Tcpdump project for reporting this issue.",
        "upstream_fix": "tcpdump 4.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7937\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7937"
        ],
        "name": "CVE-2016-7937",
        "mitigation": {
            "value": "When invoked with the \"-w\" option, to write raw packets to a pcap file (for forensic purposes or offline examination), tcpdump does not use the protocol decoding subsystem and is not affected by these flaws. Red Hat Product Security recommends that any unattended uses of tcpdump use this option to ensure uninterrupted packet capture.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.",
            "An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue was rated as having Moderate impact because of the need of physical access or administrator privileges to trigger it.",
        "upstream_fix": "kernel 5.4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20636\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20636"
        ],
        "name": "CVE-2019-20636",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted \"KOD\" messages.",
            "It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server."
        ],
        "statement": "This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.4, as they do not include support for KoD packets.",
        "acknowledgement": "Red Hat would like to thank Aanchal Malhotra (Boston University), Isaac E. Cohen (Boston University), and Sharon Goldberg (Boston University) for reporting this issue.",
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7704\nhttps://www.cs.bu.edu/~goldbe/NTPattack.html"
        ],
        "name": "CVE-2015-7704",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.",
            "A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service."
        ],
        "upstream_fix": "tigervnc 1.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5581\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5581"
        ],
        "name": "CVE-2017-5581",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Greg Stark and Tom Lane as the original reporters.",
        "upstream_fix": "postgresql 9.1.20, postgresql 9.3.11, postgresql 9.4.6, postgresql 9.2.15, postgresql 9.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0773\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0773"
        ],
        "name": "CVE-2016-0773",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.",
            "A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash)."
        ],
        "acknowledgement": "Red Hat would like to thank Javantea for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3204\nhttps://libreswan.org/security/CVE-2015-3204/CVE-2015-3204-libreswan.patch\nhttps://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt"
        ],
        "name": "CVE-2015-3204",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Linux kernel version at least v4.8 onwards, probably well before, contains an Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.",
            "Improper validation in the bnx2x network card driver of the Linux kernel version 4.15 can allow for denial of service (DoS) attacks via a packet with a gso_size larger than ~9700 bytes. Untrusted guest VMs can exploit this vulnerability in the host machine, causing a crash in the network card."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as supported configurations are not affected.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000026\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000026"
        ],
        "name": "CVE-2018-1000026",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ghostscript 9.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19477\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19477"
        ],
        "name": "CVE-2018-19477",
        "mitigation": {
            "value": "Please refer to the \"Mitigation\" section of CVE-2018-16509 : https://access.redhat.com/security/cve/cve-2018-16509",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-200",
        "details": [
            "In ImageMagick 7.0.8-36 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or information disclosure via a crafted image file."
        ],
        "upstream_fix": "ImageMagick 6.9.10-36, ImageMagick 7.0.8-36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10650\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10650"
        ],
        "name": "CVE-2019-10650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.",
            "It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources."
        ],
        "upstream_fix": "ntp 4.2.8p9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7426\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7426\nhttp://support.ntp.org/bin/view/Main/NtpBug3071"
        ],
        "name": "CVE-2016-7426",
        "mitigation": {
            "value": "If you choose to use restrict default limited ..., be sure to use restrict source ... (without limited) to avoid this attack.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file."
        ],
        "acknowledgement": "Red Hat would like to thank Aladdin Mubaied for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3186\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3186"
        ],
        "name": "CVE-2016-3186",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Takeshi Terada as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5466\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5466\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5466"
        ],
        "name": "CVE-2017-5466",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",
            "It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2599"
        ],
        "name": "CVE-2018-2599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka \"PixarLog horizontalDifference heap-buffer-overflow.\""
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9533\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9533"
        ],
        "name": "CVE-2016-9533",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8325\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8325"
        ],
        "name": "CVE-2019-8325",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize.",
            "A buffer overflow flaw was found in Gnome Pango. When invalid utf-8 strings are passed to functions, a heap-based buffer overflow can occur that could lead to code execution. The highest threat from this vulnerability is data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1010238\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1010238\nhttps://gitlab.gnome.org/GNOME/pango/issues/342\nhttps://packetstormsecurity.com/files/153838/USN-4081-1.txt"
        ],
        "name": "CVE-2019-1010238",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-02-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "status": "verified"
        },
        "details": [
            "Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.",
            "It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution."
        ],
        "statement": "Users of EAP 6.x and 7.0 should upgrade to at least 6.4.9 and pass the following system property on startup to prevent XXE attacks in JSTL:\norg.apache.taglibs.standard.xml.accessExternalEntity=false\nFor more details please refer to this KCS solution:\nhttps://access.redhat.com/solutions/1584363",
        "acknowledgement": "Red Hat would like to thank Apache Software Foundation and David Jorm (IIX) for reporting this issue.",
        "upstream_fix": "jakarta-taglibs-standard 1.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0254\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0254"
        ],
        "name": "CVE-2015-0254",
        "mitigation": {
            "value": "Users should upgrade to Apache Standard Taglibs 1.2.3 or later.\nThis version uses JAXP’s FEATURE_SECURE_PROCESSING to restrict XML processing. Depending on the Java runtime version in use, additional configuration may be required:\nJava8:\nExternal entity access is automatically disabled if a SecurityManager is active.\nJava7:\nJAXP properties may need to be used to disable external access. See http://docs.oracle.com/javase/tutorial/jaxp/properties/properties.html\nJava6 and earlier:\nA new system property org.apache.taglibs.standard.xml.accessExternalEntity may be used to specify the protocols that can be used to access external entities. This defaults to \"all\" if no SecurityManager is present and to \"\" (thereby disabling access) if a SecurityManager is detected.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.8-4 has a memory leak in parse8BIM in coders/meta.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-5, ImageMagick 6.9.10-5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14437\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14437"
        ],
        "name": "CVE-2018-14437",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1) backtrace, (2) cmdline, (3) environ, (4) open_fds, (5) maps, (6) smaps, (7) hostname, (8) remote, (9) ks.cfg, or (10) anaconda-tb file attachment included in a Red Hat Bugzilla bug report.",
            "It was found that ABRT may have exposed non-public information to Red Hat Bugzilla during crash reporting. A bug in the libreport library caused changes made by a user in files included in a crash report to be discarded. As a result, Red Hat Bugzilla attachments may contain data that was not intended to be made public, including host names, IP addresses, or command line options."
        ],
        "acknowledgement": "This issue was discovered by Bastien Nocera (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5302\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5302"
        ],
        "name": "CVE-2015-5302",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.",
            "Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service."
        ],
        "upstream_fix": "libarchive 3.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8931\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8931"
        ],
        "name": "CVE-2015-8931",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",
            "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank Gustavo Grieco for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0718\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0718"
        ],
        "name": "CVE-2016-0718",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
            "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution."
        ],
        "statement": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
        "upstream_fix": "tomcat 7.0.82, tomcat 8.0.47, tomcat 8.5.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12617\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12617\nhttps://tomcat.apache.org/security-7.html\nhttps://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2017-12617",
        "mitigation": {
            "value": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\nBlock HTTP methods that permit resource modification for untrusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.10.5-P2, bind 9.9.10-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3142\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3142\nhttps://kb.isc.org/article/AA-01504"
        ],
        "name": "CVE-2017-3142",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17041\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17041"
        ],
        "name": "CVE-2019-17041",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file.",
            "A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file."
        ],
        "statement": "This issue did not affect the php and the file packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of file as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Francisco Alonso (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3479\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3479"
        ],
        "name": "CVE-2014-3479",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 5.5.62, mariadb 10.1.37, mariadb 10.0.37, mariadb 10.3.11, mariadb 10.2.19, mysql 8.0.13, mysql 5.5.62, mysql 5.6.42, mysql 5.7.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3282\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3282\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        ],
        "name": "CVE-2018-3282",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8896\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8896"
        ],
        "name": "CVE-2015-8896",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
        ],
        "upstream_fix": "exiv2 0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9143\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9143"
        ],
        "name": "CVE-2019-9143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16418\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16418\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16418",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8689\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8689\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8689",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3214\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3214"
        ],
        "name": "CVE-2018-3214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "9.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.",
            "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7913\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7913"
        ],
        "name": "CVE-2016-7913",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "libpng before 1.6.32 does not properly check the length of chunks against the user limit."
        ],
        "upstream_fix": "libpng 1.6.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12652\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12652"
        ],
        "name": "CVE-2017-12652",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2734\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2734\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2734",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-444",
        "details": [
            "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.",
            "A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. This flaw impacts the system differently based on the type of application and the infrastructure."
        ],
        "statement": "Although Red Hat OpenStack Platform packages the flawed code, python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package.\nOpenShift Container Platform 4.3 and later includes `python-twisted` as a dependency of `python-prometheus_client` in Ironic container images, however the affected code is not used.\nRed Hat Satellite uses affected versions of `python-twisted` and `python-twisted-web` modules in Pulp, however, it is not vulnerable since the `http` module of the web implementation is not exposed in the product. Red Hat Satellite may update `python-twisted` and `python-twisted-web` in future.\nThis issue affects the version of python-twisted (embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.",
        "upstream_fix": "twisted 20.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10109\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10109\nhttps://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst"
        ],
        "name": "CVE-2020-10109",
        "mitigation": {
            "value": "When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.",
            "A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7393\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7393"
        ],
        "name": "CVE-2017-7393",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
        ],
        "upstream_fix": "libreoffice 6.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9849\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9849\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849"
        ],
        "name": "CVE-2019-9849",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",
            "It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux\nkernel updates for the respective releases will address this issue.",
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1805"
        ],
        "name": "CVE-2015-1805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.",
            "It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7097\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7097"
        ],
        "name": "CVE-2016-7097",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.",
            "An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1739\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1739"
        ],
        "name": "CVE-2014-1739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).",
            "A flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14734\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14734"
        ],
        "name": "CVE-2018-14734",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4486\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4486\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-89.html"
        ],
        "name": "CVE-2015-4486",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4492\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4492\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-92.html"
        ],
        "name": "CVE-2015-4492",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files."
        ],
        "upstream_fix": "openssh 7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15906\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15906"
        ],
        "name": "CVE-2017-15906",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.",
            "It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution."
        ],
        "acknowledgement": "Red Hat would like to thank Tobias Stoeckmann for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5384\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5384"
        ],
        "name": "CVE-2016-5384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS."
        ],
        "upstream_fix": "mariadb 10.0.20, mariadb 5.5.44, mysql 5.5.44, mysql 5.6.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2582\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2582\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015verbose-2367947.html#MSQL"
        ],
        "name": "CVE-2015-2582",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2423\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2423\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2423",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dominique Hazaël-Massieux as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1962\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1962\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-25.html"
        ],
        "name": "CVE-2016-1962",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4493\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4493\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4493",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
            "A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0231\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0231\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0231",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2797\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2797",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3149"
        ],
        "name": "CVE-2018-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
        ],
        "upstream_fix": "openssl 1.0.2p, openssl 1.1.0i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0732\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0732\nhttps://www.openssl.org/news/secadv/20180612.txt"
        ],
        "name": "CVE-2018-0732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.",
            "A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9775\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9775"
        ],
        "name": "CVE-2017-9775",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \\x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.",
            "It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions."
        ],
        "upstream_fix": "php 5.4.41, php 5.6.9, php 5.5.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4026\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4026"
        ],
        "name": "CVE-2015-4026",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.",
            "An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9585\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9585"
        ],
        "name": "CVE-2014-9585",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.",
            "A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel."
        ],
        "statement": "This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9644\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9644"
        ],
        "name": "CVE-2014-9644",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4805\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4805",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16328\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16328"
        ],
        "name": "CVE-2018-16328",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.",
            "An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 3.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3948\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3948\nhttp://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
        ],
        "name": "CVE-2016-3948",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL."
        ],
        "upstream_fix": "mariadb 10.1.12, mariadb 5.5.48, mariadb 10.0.24, mysql 5.6.29, mysql 5.5.48, mysql 5.7.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0644\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0644\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
        ],
        "name": "CVE-2016-0644",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",
            "A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this flaw.",
        "acknowledgement": "Red Hat would like to thank Akira Fujita (NEC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7822\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7822"
        ],
        "name": "CVE-2014-7822",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.",
            "A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9147\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9147\nhttps://kb.isc.org/article/AA-01440"
        ],
        "name": "CVE-2016-9147",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Theriault as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5455\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5455\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5455"
        ],
        "name": "CVE-2017-5455",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ImageMagick 7.0.7-28 has a memory leak vulnerability in ReadBGRImage in coders/bgr.c."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 6 and 7.\nThis issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 7.0.7-29, ImageMagick 6.9.9-40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17967\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17967"
        ],
        "name": "CVE-2018-17967",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hanno Boeck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8317\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8317"
        ],
        "name": "CVE-2015-8317",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10883\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10883"
        ],
        "name": "CVE-2018-10883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.",
            "It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system."
        ],
        "upstream_fix": "lftp 4.8.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10916\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10916"
        ],
        "name": "CVE-2018-10916",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the \"!= 0x1c\" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.",
            "An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory."
        ],
        "statement": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for printing IPTC Photo Metadata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17724\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17724"
        ],
        "name": "CVE-2017-17724",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-122675483"
        ],
        "upstream_fix": "libvpx 1.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9232\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9232"
        ],
        "name": "CVE-2019-9232",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of service via a crafted image file."
        ],
        "statement": "This issue affects the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "ImageMagick 7.0.8-11, ImageMagick 6.9.10-11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16645\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16645"
        ],
        "name": "CVE-2018-16645",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
        ],
        "upstream_fix": "exiv 0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4868\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4868"
        ],
        "name": "CVE-2018-4868",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket.",
            "It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script."
        ],
        "statement": "This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "ruby 2.5.1, ruby 2.3.7, ruby 2.4.4, ruby 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8779\nhttps://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/"
        ],
        "name": "CVE-2018-8779",
        "mitigation": {
            "value": "It is possible to test for the presence of the NULL byte manually prior to calling the affected methods.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2571\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2571\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2571",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.",
            "A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Christoph Kerschbaumer and Muneaki Nishimura as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0807\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0807\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-37.html"
        ],
        "name": "CVE-2015-0807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-276",
        "details": [
            "It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory.",
            "It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory."
        ],
        "acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14650\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14650"
        ],
        "name": "CVE-2018-14650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5298\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5298\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2010-5298",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash)."
        ],
        "statement": "This issue affects the versions of libmspack as shipped with Red Hat Enterprise Linux 7.",
        "upstream_fix": "libmspack 0.7alpha",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14679\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14679"
        ],
        "name": "CVE-2018-14679",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1834\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1834"
        ],
        "name": "CVE-2016-1834",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2962\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2962"
        ],
        "name": "CVE-2019-2962",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges André Bargull as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4478\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-82.html"
        ],
        "name": "CVE-2015-4478",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jean-Max Reymond and Ucha Gobejishvili as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4497\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4497\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-94.html"
        ],
        "name": "CVE-2015-4497",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Filipe Gomes as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5396\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396"
        ],
        "name": "CVE-2017-5396",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16426\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16426\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16426",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18506\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18506\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506"
        ],
        "name": "CVE-2018-18506",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Black as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12364\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12364\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12364"
        ],
        "name": "CVE-2018-12364",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) by calling the imginfo command with a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8690."
        ],
        "upstream_fix": "jasper 1.900.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8884\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8884"
        ],
        "name": "CVE-2016-8884",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8905\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8905"
        ],
        "name": "CVE-2018-8905",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.",
            "A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7910\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7910"
        ],
        "name": "CVE-2016-7910",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913."
        ],
        "upstream_fix": "mariadb 10.0.22, mariadb 5.5.46, mariadb 10.1.8, mysql 5.6.27, mysql 5.5.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4858\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4858\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixMSQL"
        ],
        "name": "CVE-2015-4858",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.",
            "A flaw was found in the Linux kernel before 4.16.6, where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory."
        ],
        "upstream_fix": "kernel 4.16.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10940\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10940"
        ],
        "name": "CVE-2018-10940",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.",
            "A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption."
        ],
        "statement": "This issue does not affect the kernels as shipping with Red Hat Enterprise Linux 5 and 6.  This issue does affect kernels 7, MRG-2 and realtime kernels and plans to be fixed in a future update.",
        "upstream_fix": "kernel 4.9-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9793\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9793"
        ],
        "name": "CVE-2016-9793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6."
        ],
        "statement": "This issue affects the versions of rubygems as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nThis issue affects the versions of rubygems as shipped with Red Hat Satellite version 6 on Red Hat Enterprise Linux version 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "rubygems 2.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000073\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000073\nhttps://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/"
        ],
        "name": "CVE-2018-1000073",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8551\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8551"
        ],
        "name": "CVE-2019-8551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
            "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution."
        ],
        "statement": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
        "upstream_fix": "tomcat 7.0.81",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12615\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12615\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
        ],
        "name": "CVE-2017-12615",
        "mitigation": {
            "value": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\nBlock HTTP methods that permit resource modification for untrusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10107\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10107"
        ],
        "name": "CVE-2017-10107",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2568\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2568"
        ],
        "name": "CVE-2014-2568",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access."
        ],
        "upstream_fix": "qt 5.12.7, qt 5.14.0, qt 5.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0569\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0569"
        ],
        "name": "CVE-2020-0569",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11046\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11046"
        ],
        "name": "CVE-2020-11046",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.",
            "A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue.",
        "upstream_fix": "samba 4.5.16, samba 4.6.14, samba 4.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1050\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1050\nhttps://www.samba.org/samba/security/CVE-2018-1050.html"
        ],
        "name": "CVE-2018-1050",
        "mitigation": {
            "value": "Ensure the parameter:\nrpc_server:spoolss = external\nis not set in the [global] section of your smb.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7205\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-145.html"
        ],
        "name": "CVE-2015-7205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8763\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8763\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8763",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.",
            "A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0778\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0778\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "name": "CVE-2016-0778",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.",
            "A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Thilo Uttendorfer as the original reporter.",
        "upstream_fix": "libldb 1.1.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3223\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3223\nhttps://www.samba.org/samba/security/CVE-2015-3223.html"
        ],
        "name": "CVE-2015-3223",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.",
            "A flaw was found in the Linux kernel’s implementation of the WiFi station handoff code. An attacker within the radio range could use this flaw to deny a valid device from joining the access point."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5108\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5108"
        ],
        "name": "CVE-2019-5108",
        "mitigation": {
            "value": "At this time there are no known mitigations for this issue other than to install the updated kernel package.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13088\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13088\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13088",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7577\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7577"
        ],
        "name": "CVE-2019-7577",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges worcester12345 as the original reporter.",
        "upstream_fix": "thunderbird 68.10.0, thunderbird 78, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12419\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12419\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419"
        ],
        "name": "CVE-2020-12419",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage."
        ],
        "upstream_fix": "ImageMagick 6.9.10-36, ImageMagick 7.0.8-36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16708\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16708"
        ],
        "name": "CVE-2019-16708",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8815\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-270",
        "details": [
            "In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.",
            "It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface."
        ],
        "upstream_fix": "flatpak 0.10.3, flatpak 0.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6560\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6560"
        ],
        "name": "CVE-2018-6560",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "10.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jed Davis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18505\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18505\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505"
        ],
        "name": "CVE-2018-18505",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
            "An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image."
        ],
        "upstream_fix": "gd 2.2.3, php 5.5.37, php 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5766\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5766"
        ],
        "name": "CVE-2016-5766",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2397\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2397\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-2397",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-07T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank Greg Kubok for reporting this issue.",
        "upstream_fix": "389-ds-base 1.3.6.15, 389-ds-base 1.3.8.1, 389-ds-base 1.4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1089\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1089"
        ],
        "name": "CVE-2018-1089",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.",
            "A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20836\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20836"
        ],
        "name": "CVE-2018-20836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.",
            "A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6563\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6563\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6563",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-20T18:50:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication. Versions before bluez 5.51 are vulnerable.",
            "A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bluetooth devices without any form of authentication."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Marchesi for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10910"
        ],
        "name": "CVE-2018-10910",
        "mitigation": {
            "value": "Disable Bluetooth.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file."
        ],
        "statement": "This issue affects the versions of elfutils as shipped with Red Hat Enterprise Linux 5, 6, and 7.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18520\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18520"
        ],
        "name": "CVE-2018-18520",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.",
            "It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service."
        ],
        "upstream_fix": "kernel-3.10.0 543.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10741\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10741"
        ],
        "name": "CVE-2016-10741",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer."
        ],
        "upstream_fix": "mariadb 10.1.18, mariadb 5.5.52, mariadb 10.0.28, mysql 5.5.52, mysql 5.7.15, mysql 5.6.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3492\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3492\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881724.html#AppendixMSQL"
        ],
        "name": "CVE-2016-3492",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-787",
        "details": [
            "In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution."
        ],
        "statement": "This issue only affects instances running php-fpm under nginx server software, as environment paths and parameters are handled by different code pieces depending on the server php-fpm is running under. The code where this issue is found is used exclusively when php-fpm detects the request came through an nginx server.\nRed Hat Product Security team rated this issue as having a Critical security impact as an attacker may take advantage of the existing bug to cause Remote Code Execution on network-exposed software.",
        "upstream_fix": "php 7.2.24, php 7.1.33, php 7.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11043\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11043\nhttps://www.nginx.com/blog/php-fpm-cve-2019-11043-vulnerability-nginx/"
        ],
        "name": "CVE-2019-11043",
        "mitigation": {
            "value": "1) Check your nginx configuration files, especially the ones related to php-fpm, for the presence of the pattern below in the fastcgi_split_path_info regex and PATH_INFO parameter:\n~~~\nfastcgi_split_path_info     ^(.+?\\.php)(/.*)$;\nfastcgi_param    PATH_INFO  $fastcgi_path_info;\n~~~\n2) If the fastcgi_split_path_info regex matches the one above, for each fastcgi_param PATH_INFO entry perform the following change:\n~~~\nfastcgi_param    PATH_INFO  $fastcgi_path_info if_not_empty;\n~~~\nThis step will allow you to safely continue using the PATH_INFO parameter while the patch is not applied.\n3) Restart your nginx instance:\n~~~\nsystemctl restart nginx\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "upstream_fix": "icedtea 1.13.3, icedtea 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0461\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0461\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0461",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
            "A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain local privilege escalation."
        ],
        "upstream_fix": "Kernel 6.5-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3776\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3776\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f"
        ],
        "name": "CVE-2023-3776",
        "mitigation": {
            "value": "To mitigate this issue, prevent module cls_fw from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact, because only a local user with access to the VGA console can trigger it (for example if booting with param \"nomodeset\").",
        "acknowledgement": "Red Hat would like to thank Yunhai Zhang (NSFOCUS Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14331\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14331"
        ],
        "name": "CVE-2020-14331",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5091\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5091\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091"
        ],
        "name": "CVE-2018-5091",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Bogdan Tara, Boris Zbarsky, Christian Holler, Christoph Diehl, Jason Kratzer, Jed Davis, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12376\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12376\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376"
        ],
        "name": "CVE-2018-12376",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
            "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nNote: Impact on Red Hat Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7221"
        ],
        "name": "CVE-2019-7221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."
        ],
        "upstream_fix": "libreoffice 6.3.1, libreoffice 6.2.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9854\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9854\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/"
        ],
        "name": "CVE-2019-9854",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15692\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15692"
        ],
        "name": "CVE-2019-15692",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-185->CWE-400",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2830"
        ],
        "name": "CVE-2020-2830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"",
            "A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.3.7, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2118\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2118\nhttp://badlock.org/\nhttps://access.redhat.com/articles/2243351\nhttps://access.redhat.com/articles/2253041"
        ],
        "csaw": true,
        "name": "CVE-2016-2118"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4208\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4208\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4208",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "upstream_fix": "389-ds-base 1.3.7.9, 389-ds-base 1.3.6.13, 389-ds-base 1.4.0.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15134\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15134"
        ],
        "name": "CVE-2017-15134",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.",
            "A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash."
        ],
        "upstream_fix": "php 5.5.37, php 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5768\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5768"
        ],
        "name": "CVE-2016-5768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.",
            "An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov (VisualSVN) as the original reporter.",
        "upstream_fix": "Subversion 1.8.13, Subversion 1.7.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0248\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0248\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt"
        ],
        "name": "CVE-2015-0248",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute arbitrary code when opened."
        ],
        "acknowledgement": "This issue was discovered by Raphael Sanchez Prudencio (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8184\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8184\nhttps://github.com/liblouis/liblouis/issues/425"
        ],
        "name": "CVE-2014-8184",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges the UK Communications Electronics Security Group of the GCHQ as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1966\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1966\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-31.html"
        ],
        "name": "CVE-2016-1966",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6519\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6519\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#AppendixJAVA"
        ],
        "name": "CVE-2014-6519",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "details": [
            "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.",
            "A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3940\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3940"
        ],
        "name": "CVE-2014-3940",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information.",
            "A data leak was found in gdImageCreateFromGifCtx() in GD Graphics Library used in PHP before 5.6.31 and 7.1.7. An attacker could craft a malicious GIF image and read up to 762 bytes from stack."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. We recommend avoiding usage of the functions gdImageCreateFromGifCtx() and imagecreatefromstring() as they can lead to stack data leak.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "php 7.1.7, php 7.0.21, php 5.6.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7890\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7890"
        ],
        "name": "CVE-2017-7890",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.",
            "An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Don A. Bailey (Lab Mouse Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4607\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4607"
        ],
        "name": "CVE-2014-4607",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.",
            "It was discovered that Dovecot incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users."
        ],
        "upstream_fix": "dovecot 2.3.4.1, dovecot 2.2.36.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3814\nhttps://www.dovecot.org/list/dovecot/2019-February/114575.html"
        ],
        "name": "CVE-2019-3814",
        "mitigation": {
            "value": "The attack can be mitigated by having the certificates with proper Extended Key Usage, such as 'TLS Web Server' and 'TLS Web Server Client'. Also, client-side certificate authentication can be turned off using:\nauth_ssl_require_client_cert = no\nauth_ssl_username_from_cert = no",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.",
            "A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5. This issue does affect the kernels shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels and is planned to be addressed in a future update.",
        "acknowledgement": "Red Hat would like to thank Dmitry Vyukov (Google engineering) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8539\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8539\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd"
        ],
        "name": "CVE-2015-8539",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple \"keyctl newring\" operations followed by a \"keyctl timeout\" operation.",
            "A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Frey Alfredsson for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3631\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3631"
        ],
        "name": "CVE-2014-3631",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7778\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7778\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7778",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.",
            "An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3281\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3281"
        ],
        "name": "CVE-2015-3281",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror."
        ],
        "upstream_fix": "pcre 8.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8385\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8385"
        ],
        "name": "CVE-2015-8385",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Please see the Vulnerability Response article for the full list of updates available and a detailed discussion of this issue.",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5715\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5715\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5715"
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell WiFi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.",
            "A vulnerability was found in the Linux kernel's Marvell WiFi chip driver where, while parsing vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level, meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14816\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
        ],
        "name": "CVE-2019-14816",
        "mitigation": {
            "value": "At this time there is no mitigation for the flaw. If you are able to disable wireless and your system is able to work, this will be a temporary mitigation until a kernel update is available for installation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file, a different vulnerability than CVE-2014-8137."
        ],
        "upstream_fix": "jasper 1.900.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1577\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1577"
        ],
        "name": "CVE-2016-1577",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 60.5.1, firefox ESR 60.5.1, firefox 65.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5785\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5785"
        ],
        "name": "CVE-2019-5785",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10108\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10108"
        ],
        "name": "CVE-2017-10108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:P/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.",
            "An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4656\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4656"
        ],
        "name": "CVE-2014-4656",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.",
            "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image."
        ],
        "acknowledgement": "Red Hat would like to thank Wen Xu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1094\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1094"
        ],
        "name": "CVE-2018-1094",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.",
            "A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19447\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19447\nhttps://bugzilla.kernel.org/show_bug.cgi?id=205433\nhttps://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
        ],
        "name": "CVE-2019-19447",
        "mitigation": {
            "value": "Ext4 filesytems are built into the kernel so it is not possible to prevent the kernel module from loading.  However, this flaw can be prevented by disallowing mounting of untrusted filesystems.\nAs mounting is a privileged operation, (except for device hotplug) removing the ability for mounting and unmounting will prevent this flaw from being exploited.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.",
            "A vulnerability was discovered in Tomcat where the CORS Filter did not send a \"Vary: Origin\" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches."
        ],
        "upstream_fix": "tomcat 7.0.79, tomcat 8.0.45, tomcat 8.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7674\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7674\nhttps://tomcat.apache.org/security-7.html\nhttps://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2017-7674",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.",
            "A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks."
        ],
        "statement": "This security flaw can only be exploited when a malicious client negotiates SSLv2 ciphers and completes a SSLv2 handshake. This flaw cannot be actively exploited by a Man-In-The-Middle attacker. \nAll versions of OpenSSL shipped with Red Hat Enterprise Linux enable SSLv2 protocol, but disable SSLv2 ciphers by default (in Red Hat Enterprise Linux 6 and later), therefore are vulnerable to this flaw. Red Hat Product Security has rated this issue as having Low security impact, a future update may address this flaw.\nSSLv2 suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server. Therefore we strongly recommend that SSLv2 should be disabled on all the SSL/TLS servers.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.1r, openssl 1.0.2f",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3197\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3197\nhttps://www.openssl.org/news/secadv/20160128.txt"
        ],
        "name": "CVE-2015-3197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381."
        ],
        "upstream_fix": "mariadb 5.5.41, mariadb 10.0.16, mysql 5.6.22, mysql 5.5.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0382\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0382\nhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0382",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19060"
        ],
        "name": "CVE-2018-19060",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-121",
        "details": [
            "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
        ],
        "statement": "This issue does not affect the version of rpm package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8118\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8118"
        ],
        "name": "CVE-2014-8118",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges the OSS-Fuzz project as the original reporter.",
        "upstream_fix": "curl 7.60.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000301\nhttps://curl.haxx.se/docs/adv_2018-b138.html"
        ],
        "name": "CVE-2018-1000301",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1958\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1958\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-21.html"
        ],
        "name": "CVE-2016-1958",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8710\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8710\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8710",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.",
            "An infinite loop has been discovered in Exempi in the way it handles Extensible Metadata Platform (XMP) data in QuickTime files. An attacker could cause a denial of service via a crafted file."
        ],
        "statement": "This issue did not affect the versions of Exempi as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.",
        "upstream_fix": "exempi 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18238\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18238"
        ],
        "name": "CVE-2017-18238",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5366\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5366"
        ],
        "name": "CVE-2015-5366",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.",
            "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application."
        ],
        "statement": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
        "upstream_fix": "log4j 2.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5645\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5645"
        ],
        "name": "CVE-2017-5645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service (application crash) via a crafted file."
        ],
        "upstream_fix": "wireshark 1.10.10, wireshark 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6429\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6429\nhttps://www.wireshark.org/security/wnpa-sec-2014-19.html"
        ],
        "name": "CVE-2014-6429",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL."
        ],
        "upstream_fix": "mariadb 10.0.17, mariadb 5.5.42, mysql 5.6.23, mysql 5.5.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2573\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2573\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-2573",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20662\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20662"
        ],
        "name": "CVE-2018-20662",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",
            "A use-after-free vulnerability was found in a network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Kirill Tkhai for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15129\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15129"
        ],
        "name": "CVE-2017-15129",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd."
        ],
        "statement": "This issue affects the versions of keepalived as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThe keepalived packages shipped with Red Hat Enterprise Linux 6 and 7 are not built with dbus support, therefore vulnerable PrintData and PrintStats methods are not compiled in resulting RPM, which means this issue cannot be exploited via dbus messages on Red Hat Enterprise Linux 6 and 7. However, creation of pidfiles is also vulnerable to symlink attack and it is possible for local attacker to overwrite arbitrary file with the process identifiers of keepalived processes, but only if keepalived was launched with option to change pidfile location pointing to unsafe location and attacker is able to exploit Time-of-check Time-of-use race condition and create a symlink during a very small time frame in the same location the pidfile was specified. The default location used for pidfiles is safe. Red Hat Enterprise Linux 7 is by default configured with fs.protected_symlinks=1 which largely mitigates symlink attacks.",
        "upstream_fix": "keepalived 2.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19044\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19044"
        ],
        "name": "CVE-2018-19044",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.",
            "It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files."
        ],
        "acknowledgement": "This issue was discovered by Harald Hoyer (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0267\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0267"
        ],
        "name": "CVE-2015-0267",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9446\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9446\nhttps://scarybeastsecurity.blogspot.sk/2016/11/0day-poc-risky-design-decisions-in.html"
        ],
        "name": "CVE-2016-9446",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-284",
        "details": [
            "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.",
            "A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Jan Rybar (freedesktop.org) for reporting this issue. Upstream acknowledges Jann Horn (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6133\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
        ],
        "name": "CVE-2019-6133",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11089\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11089"
        ],
        "name": "CVE-2020-11089",
        "mitigation": {
            "value": "The vulnerability is associated with the use of the command line options: /drive, +multitouch, /paralell, /printer, and /servial. To mitigate this vulnerability, do not use these commands.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7176\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7176\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7176",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.",
            "A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7394\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7394"
        ],
        "name": "CVE-2017-7394",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.4",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-294",
        "details": [
            "NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.",
            "It was discovered that ntpd as a client did not correctly check the originate timestamp in received packets. A remote attacker could use this flaw to send a crafted packet to an ntpd client that would effectively disable synchronization with the server, or push arbitrary offset/delay measurements to modify the time on the client."
        ],
        "statement": "This issue did not affect the versions of ntp as shipped with Red Hat Enterprise Linux 5 as they do not include the affected code, which was introduced in version 4.2.6 of NTP.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8138\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8138\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit\nhttp://www.talosintel.com/reports/TALOS-2016-0077/"
        ],
        "name": "CVE-2015-8138",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows \"DHCP - Infinite read in dhcp_attr2vp()\" and a denial of service.",
            "An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker  could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request."
        ],
        "acknowledgement": "Red Hat would like to thank the FreeRADIUS project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "freeradius 3.0.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10986\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10986\nhttp://freeradius.org/security/fuzzer-2017.html"
        ],
        "name": "CVE-2017-10986",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake."
        ],
        "statement": "This issues affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7.\nThis issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13087\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13087\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10115\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10115"
        ],
        "name": "CVE-2017-10115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2014-9750, CVE-2014-9751.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should consult CVE-2014-9750 and CVE-2014-9751 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage",
            "It was found that because NTP's access control was based on a source IP address, an attacker could bypass source IP restrictions and send malicious control and configuration packets by spoofing ::1 addresses."
        ],
        "statement": "This issue affects the versions of ntp as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nTo mitigate this issue, you may use the ip6tables command to prevent spoofing of local addresses on any network interface other than the loopback interface.  Refer to the Mitigation section on our KBase article: https://access.redhat.com/articles/1305723",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9298\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9298\nhttp://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so"
        ],
        "name": "CVE-2014-9298",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",
            "A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4051\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4051\nhttp://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
        ],
        "name": "CVE-2016-4051",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",
            "A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0758\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0758"
        ],
        "name": "CVE-2016-0758",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",
            "A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "nss 3.39, nss 3.36.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12384\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12384\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes"
        ],
        "name": "CVE-2018-12384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
            "A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16746\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16746"
        ],
        "name": "CVE-2019-16746",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
            "A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18397\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18397"
        ],
        "name": "CVE-2018-18397",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5378\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5378\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378"
        ],
        "name": "CVE-2017-5378",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122->CWE-125",
        "details": [
            "libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16403\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16403"
        ],
        "name": "CVE-2018-16403",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2628\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2628\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2628",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-704->CWE-681->CWE-805",
        "details": [
            "The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.",
            "An integer truncation flaw was discovered in the way libXfont processed certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could use this flaw to crash the X.Org server or, potentially, execute arbitrary code with the privileges of the X.Org server."
        ],
        "upstream_fix": "libXfont 1.4.9, libXfont 1.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1804\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1804\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-03-17/"
        ],
        "name": "CVE-2015-1804",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c."
        ],
        "upstream_fix": "ImageMagick 7.0.8-40, ImageMagick 6.9.10-40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16711\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16711"
        ],
        "name": "CVE-2019-16711",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.",
            "A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query."
        ],
        "statement": "This issue does not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 6 and 7 as they don't use the affected MDB backend in their default configurations. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9287\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9287\nhttp://www.openldap.org/its/?findid=8655"
        ],
        "name": "CVE-2017-9287",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.",
            "It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10166\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10166\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10166",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8677\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8677\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8677",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-06T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges.  The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The Red Hat Enterprise Linux 7.2 and later kernels default to a safe /proc/sys/kernel/perf_event_paranoid setting; local administrators may have reason to change the setting to allow non privileged users to monitor performance statistics.",
        "acknowledgement": "Red Hat would like to thank Ryota Shiga (Flatt Security) and Zero Day Initiative for reporting this issue.",
        "upstream_fix": "kernel 5.8.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14351\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14351"
        ],
        "name": "CVE-2020-14351",
        "mitigation": {
            "value": "While there is no way to disable the perf subsystem on Linux systems, reducing or removing users access to the perf events can effectively mitigate this flaw. Upstream kernel documentation has been written regarding this mechanism: https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive  information from the responding device via port-5353 UDP packets.  NOTE: this may overlap CVE-2015-2809."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6519\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6519\nhttps://www.kb.cert.org/vuls/id/550620"
        ],
        "name": "CVE-2017-6519",
        "mitigation": {
            "value": "Ensure UDP port 5353 is blocked in the firewall. Moreover, configure correctly the rate limiting options based on your needs (see ratelimit-interval-usec and ratelimit-burst options in /etc/avahi/avahi-daemon.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.",
            "A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2706\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2706"
        ],
        "name": "CVE-2014-2706",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.",
            "It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as their XMLRPC library did not include support for gzip encoded content.",
        "upstream_fix": "python 3.3.7, python 3.4.3, python 2.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-1753\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1753"
        ],
        "name": "CVE-2013-1753",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-284|CWE-250)",
        "details": [
            "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",
            "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "This issue was discovered by Jan Tomko (Red Hat).",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10168\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10168\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10168",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-31T13:40:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22->CWE-94",
        "details": [
            "It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.",
            "It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10182\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10182"
        ],
        "name": "CVE-2019-10182",
        "mitigation": {
            "value": "No known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5168\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5168\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168"
        ],
        "name": "CVE-2018-5168",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.10.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10198\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10198"
        ],
        "name": "CVE-2016-10198",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2837\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2837\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-77.html"
        ],
        "name": "CVE-2016-2837",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in ImageMagick 7.0.7. A memory leak vulnerability was found in the function WriteGIFImage in coders/gif.c, which allow remote attackers to cause a denial of service via a crafted file.",
            "A memory leak vulnerability has been discovered in ImageMagick in the WriteGIFImage function of coders/gif.c file. An attacker could use this flaw to cause a denial of service via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18254\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18254"
        ],
        "name": "CVE-2017-18254",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.",
            "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10930\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10930"
        ],
        "name": "CVE-2018-10930",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by correcting the extraction of the length value.",
            "A denial of service flaw was found in the SIGCOMP dissector in Wireshark. A remote network attacker could potentially use this flaw to crash Wireshark by tricking it into processing a crafted packet."
        ],
        "upstream_fix": "wireshark 2.2.13, wireshark 2.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7418\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7418\nhttps://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410\nhttps://www.wireshark.org/security/wnpa-sec-2018-13.html"
        ],
        "name": "CVE-2018-7418",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch",
            "A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "BIND servers shipped with Red Hat Enterprise Linux are compiled with GSS-TSIG and are therefore affected by this flaw. However, these BIND packages use the default settings and are not vulnerable by default.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Trend Micro Zero Day Initiative as the original reporter.",
        "upstream_fix": "bind 9.11.28, bind 9.16.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8625\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8625\nhttps://kb.isc.org/docs/cve-2020-8625"
        ],
        "name": "CVE-2020-8625",
        "mitigation": {
            "value": "As per upstream:\nBIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.\nIn a configuration which uses BIND's default settings, the vulnerable code path is NOT exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options.\nAlthough the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers.\nThis vulnerability only affects servers configured to use GSS-TSIG,  most often to sign dynamic updates. If another mechanism can be  used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
        ],
        "upstream_fix": "freeradius-server 3.0.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17185\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17185"
        ],
        "name": "CVE-2019-17185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Philipp as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12385\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12385\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385"
        ],
        "name": "CVE-2018-12385",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.",
            "An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for\nthe respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Robert Święcki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7825\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7825"
        ],
        "name": "CVE-2014-7825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-6370\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6370"
        ],
        "name": "CVE-2013-6370",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.",
            "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, however the impact is limited to denial of service since it does not support fine grained access control.",
        "acknowledgement": "Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5177\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5177\nhttp://security.libvirt.org/2014/0003.html"
        ],
        "name": "CVE-2014-5177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.",
            "An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Stephen Frost as the original reporter.",
        "upstream_fix": "postgresql 9.3.6, postgresql 9.1.15, postgresql 9.0.19, postgresql 9.2.10, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8161\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8161\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2014-8161",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage"
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Max Dymond as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000122\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000122\nhttps://curl.haxx.se/docs/adv_2018-b047.html"
        ],
        "name": "CVE-2018-1000122",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2729\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2729\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-62.html"
        ],
        "name": "CVE-2015-2729",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.",
            "An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution."
        ],
        "upstream_fix": "Chrome 53.0.2785.89",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5158\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5158\nhttps://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html"
        ],
        "name": "CVE-2016-5158",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "upstream_fix": "Firefox ESR 38.6.1, Firefox 45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1969\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1969\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-38/"
        ],
        "name": "CVE-2016-1969",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4053\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4053",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-304",
        "details": [
            "NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a \"skeleton key.\"",
            "A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A)."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7974\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7974\nhttp://support.ntp.org/bin/view/Main/NtpBug2936\nhttp://www.talosintel.com/reports/TALOS-2016-0071/"
        ],
        "name": "CVE-2015-7974",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.",
            "A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6480\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6480"
        ],
        "name": "CVE-2016-6480",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
            "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.",
        "upstream_fix": "curl 7.56.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000257\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000257\nhttps://curl.haxx.se/docs/adv_20171023.html"
        ],
        "name": "CVE-2017-1000257",
        "mitigation": {
            "value": "Switch off IMAP in `CURLOPT_PROTOCOLS`",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3716\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3716"
        ],
        "name": "CVE-2016-3716",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.",
            "A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution."
        ],
        "statement": "This issue affects the version of OpenOffice.org as shipped in Red Hat Enterprise Linux 5, and the version of LibreOffice as shipped in Red Hat Enterprise Linux 6.\nRed Hat Product Security has rated this issue as having Moderate security impact, and it is not planned to be addressed in any future updates.",
        "upstream_fix": "openoffice.org 4.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3575\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3575"
        ],
        "name": "CVE-2014-3575",
        "mitigation": {
            "value": "- Whenever possible, exercise caution when opening documents sent by unknown/untrusted parties.\n- If the \"Update Links\" dialog is seen when opening a document, do not send this document to others, since local files may have been attached to the document. (The exploit only works when the document is sent to the attacker after opening it on your system using LibreOffice/OpenOffice.)",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4054\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4054\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4054",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2818\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2818"
        ],
        "name": "CVE-2019-2818",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7310\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7310"
        ],
        "name": "CVE-2019-7310",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call."
        ],
        "upstream_fix": "gstreamer1-plugins-good 1.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9810\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9810"
        ],
        "name": "CVE-2016-9810",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",
            "The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending an XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since the introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed or is not exploitable.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11600\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11600"
        ],
        "name": "CVE-2017-11600",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-665->(CWE-200|CWE-89)",
        "details": [
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction."
        ],
        "statement": "This vulnerability is only exploitable where an attacker can provide or influence connection parameters to a PostgreSQL client application using libpq. Contrib modules \"dblink\" and \"postgres_fdw\" are examples of applications affected by this flaw.\nRed Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\nThis issue affects the versions of the rh-postgresql95-postgresql package as shipped with Red Hat Satellite 5.7 and 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.",
        "upstream_fix": "postgresql 9.6.10, postgresql 9.5.14, postgresql 9.3.24, postgresql 10.5, postgresql 9.4.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10915\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10915\nhttps://www.postgresql.org/about/news/1878/"
        ],
        "name": "CVE-2018-10915",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",
            "It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information."
        ],
        "statement": "It seems that this flaw is not practically exploitable; the leak of host private key material to the privilege-separated child processes is theoretical. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Because of this restriction on successful exploitation, this issue has been rated as having Low security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10011\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10011\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10011",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (NULL Pointer Dereference) via a crafted iso file.",
            "A NULL pointer dereference flaw was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files."
        ],
        "upstream_fix": "libcdio 1.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18199\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18199"
        ],
        "name": "CVE-2017-18199",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7819\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819"
        ],
        "name": "CVE-2017-7819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow 4-byte alignment boundary guidelines, it causes a buffer over-read, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.",
            "A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload is longer than 4 bytes and does not follow 4-byte alignment boundary guidelines, it causes a buffer over-read, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10769\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10769"
        ],
        "name": "CVE-2020-10769",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.",
            "A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Eric Windisch (Docker project) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0274\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0274"
        ],
        "name": "CVE-2015-0274",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423."
        ],
        "upstream_fix": "icedtea 2.4.7, icedtea 1.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0458\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0458\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA"
        ],
        "name": "CVE-2014-0458",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17010\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17010\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010"
        ],
        "name": "CVE-2019-17010",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.",
            "A vulnerability was found in libarchive's handling of 7zip data. A specially crafted 7zip file can cause an integer overflow resulting in memory corruption that can lead to code execution."
        ],
        "upstream_fix": "libarchive 3.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4300\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4300\nhttp://www.talosintel.com/reports/TALOS-2016-0152/"
        ],
        "name": "CVE-2016-4300",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9796\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9796\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796"
        ],
        "name": "CVE-2019-9796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11058\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11058"
        ],
        "name": "CVE-2020-11058",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
            "A flaw was found in the webkitgtk package. Affected versions of this package are vulnerable to a buffer overflow caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30666\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30666\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8805"
        ],
        "name": "CVE-2015-8805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-200",
        "details": [
            "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.",
            "An information-leak flaw was found in the Linux kernel's pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. The highest threat with this vulnerability is breach of data confidentiality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19534\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19534"
        ],
        "name": "CVE-2019-19534",
        "mitigation": {
            "value": "As the device's module will be auto-loaded when the USB CAN bus adapter is connected, it can be disabled by preventing the module from loading with the following instructions:\n# echo \"install peak_usb /bin/true\" >> /etc/modprobe.d/disable-peak-usb-canbus.conf\nThe system will need to be restarted if the peak_usb module is already loaded. In most circumstances, the kernel modules cannot be unloaded while any CAN bus interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-252",
        "details": [
            "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "statement": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8035\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8035"
        ],
        "name": "CVE-2015-8035",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126.",
            "It was discovered that the png_get_PLTE() and png_set_PLTE() functions of libpng did not correctly calculate the maximum palette sizes for bit depths of less than 8. In case an application tried to use these functions in combination with properly calculated palette sizes, this could lead to a buffer overflow or out-of-bounds reads. An attacker could exploit this to cause a crash or potentially execute arbitrary code by tricking an unsuspecting user into processing a specially crafted PNG image. However, the exact impact is dependent on the application using the library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8472\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8472"
        ],
        "name": "CVE-2015-8472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7572\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7572"
        ],
        "name": "CVE-2019-7572",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9810\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9810\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810"
        ],
        "name": "CVE-2019-9810",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11088\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11088"
        ],
        "name": "CVE-2020-11088",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7497\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7497"
        ],
        "name": "CVE-2015-7497",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory access) or possibly have unspecified other impact via a crafted ELF file.",
            "A flaw was found in the way the File Information (fileinfo) extension parsed Executable and Linkable Format (ELF) files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory."
        ],
        "upstream_fix": "file 5.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9653"
        ],
        "name": "CVE-2014-9653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions."
        ],
        "statement": "This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "wireshark 1.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6243\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6243\nhttps://www.wireshark.org/security/wnpa-sec-2015-23"
        ],
        "name": "CVE-2015-6243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.",
            "It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.4.1, samba 4.3.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2115\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL."
        ],
        "statement": "This issue affects the versions of mysql and mysql55 packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This issue affects the version of mariadb and mariadb55 packages as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact; a future update may address this flaw.",
        "upstream_fix": "mariadb 5.5.43, mariadb 10.0.18, mysql 5.6.24, mysql 5.5.43",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0505\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0505\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL"
        ],
        "name": "CVE-2015-0505",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Ehsan Akhgari, Gary Kwong, Jon Coppeard, Olli Pettay, Philipp, Tooru Fujisawa, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5290\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5290\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-90.html"
        ],
        "name": "CVE-2016-5290",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1838\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1838"
        ],
        "name": "CVE-2016-1838",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext."
        ],
        "statement": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
        "upstream_fix": "python-urllib3 1.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20060"
        ],
        "name": "CVE-2018-20060",
        "mitigation": {
            "value": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.",
            "An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2180\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2180\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2180",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",
            "A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6952\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6952"
        ],
        "name": "CVE-2018-6952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8103\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8103\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8103",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).",
            "It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. A man-in-the-middle attacker able to intercept NTP traffic between a connecting client and an NTP server could use this flaw to force that client to make multiple steps larger than the panic threshold, effectively changing the time to an arbitrary value at any time."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank Aanchal Malhotra (Boston University), Isaac E. Cohen (Boston University), and Sharon Goldberg (Boston University) for reporting this issue.",
        "upstream_fix": "ntp 4.2.8p4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5300\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5300\nhttps://www.cs.bu.edu/~goldbe/NTPattack.html"
        ],
        "name": "CVE-2015-5300",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Linn Crosetto (HP) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3699\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3699"
        ],
        "name": "CVE-2016-3699",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges firehack as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2819\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2819\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-50.html"
        ],
        "name": "CVE-2016-2819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason:  This candidate is a reservation duplicate of CVE-2016-6663.  Notes: All CVE users should reference CVE-2016-6663 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage",
            "A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user."
        ],
        "upstream_fix": "mariadb 5.5.52, mariadb 10.0.28, mariadb 10.1.18, mysql 5.5.52, mysql 5.7.15, mysql 5.6.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5616\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5616\nhttps://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.txt"
        ],
        "name": "CVE-2016-5616",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.",
            "A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 starting with the version kernel-3.10.0-514.el7, that is with Red Hat Enterprise Linux 7.3 GA. Prior Red Hat Enterprise Linux 7 kernel versions are not affected.\nIn order to exploit this issue, the system needs to be manually configured by privileged user. The default Red Hat Enterprise Linux 7 configuration is not vulnerable.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7477\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7477"
        ],
        "name": "CVE-2017-7477",
        "mitigation": {
            "value": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install macsec /bin/true\" >> /etc/modprobe.d/disable-macsec.conf\nIf macsec functionality is in use as a functional part of the system, a kernel upgrade is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.",
            "An off-by-one read vulnerability was discovered in ImageMagick in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program."
        ],
        "acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat Product Security).",
        "upstream_fix": "ImageMagick 6.9.9-40, ImageMagick 7.0.7-28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10131\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10131"
        ],
        "name": "CVE-2019-10131",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11522\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11522"
        ],
        "name": "CVE-2020-11522",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer.",
            "A use-after-free flaw was found in the way JasPer, before version 2.0.12, decoded certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash."
        ],
        "acknowledgement": "Red Hat would like to thank Liu Bingchang (IIE) for reporting this issue.",
        "upstream_fix": "jasper 2.0.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9591\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9591"
        ],
        "name": "CVE-2016-9591",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
        ],
        "statement": "This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5. This issue affects the version of wireshark as shipped with Red Hat Enterprise Linux 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6.",
        "upstream_fix": "wireshark 1.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6246\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6246\nhttps://www.wireshark.org/security/wnpa-sec-2015-26"
        ],
        "name": "CVE-2015-6246",
        "mitigation": {
            "value": "This flaw can be mitigated in wireshark by disabling the waveagent protocol dissector. In the wireshark GUI application, click on Analyze->Enabled Protocols, search for \"waveagent\" and disable it. When using \"tshark\", the text interface, create a file called \"disabled_protos\" in the preferences folder (normally the .wireshark folder in the home directory of the user running wireshark) and add \"waveagent\" to it. This should disable the waveagent protocol.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An error within the \"LibRaw::unpack()\" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.",
            "A NULL pointer dereference flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images."
        ],
        "upstream_fix": "LibRaw 0.18.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5801\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5801\nhttps://packetstormsecurity.com/files/146172/secunia-libraw.txt"
        ],
        "name": "CVE-2018-5801",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.",
            "It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.\n* On Red Hat Enterprise Linux 6, the impact of this vulnerability is limited to denial of service or disclosing the existence of arbitrary files.  Privilege escalation is not possible.  For RHEL6, this CVE is rated as Moderate severity with 7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10161\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10161\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10161",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.",
            "Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could access (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Jim Mattson (Google.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12154\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12154"
        ],
        "name": "CVE-2017-12154",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An error within the \"kodak_radc_load_raw()\" function (internal/dcraw_common.cpp) related to the \"buf\" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.",
            "An out-of-bounds read flaw was found in the way LibRaw processed images. An attacker could potentially use this flaw to crash applications using LibRaw by tricking them into processing crafted images."
        ],
        "upstream_fix": "LibRaw 0.18.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5802\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5802\nhttps://packetstormsecurity.com/files/146172/secunia-libraw.txt"
        ],
        "name": "CVE-2018-5802",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.",
            "It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.0p, OpenSSL 0.9.8zd, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3570\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3570\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3570",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "chromium-browser 73.0.3683.75",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5798\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5798\nhttps://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
        ],
        "name": "CVE-2019-5798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.",
            "A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3509\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3509",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5240\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5240"
        ],
        "name": "CVE-2016-5240",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.",
            "A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue does not affect the version of glibc package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1473\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1473"
        ],
        "name": "CVE-2015-1473",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2659\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2659",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.",
            "A flaw was found in git. Credentials can be leaked through the use of a crafted URL that contains a newline, fooling the credential helper to give information for a different host. Highest threat from the vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as the vulnerable version of git, version 1.7.9-rc0 and later, was never packaged for this instance of RHEL.",
        "acknowledgement": "Red Hat would like to thank the Git project for reporting this issue. Upstream acknowledges Felix Wilhelm (Google project zero) as the original reporter.",
        "upstream_fix": "git 2.19.4, git 2.26.1, git 2.20.3, git 2.18.3, git 2.21.2, git 2.17.4, git 2.22.3, git 2.24.2, git 2.23.2, git 2.25.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5260\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5260\nhttps://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q\nhttps://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/"
        ],
        "name": "CVE-2020-5260",
        "mitigation": {
            "value": "The most complete workaround is to disable credential helpers altogether:\n~~~\ngit config --unset credential.helper\ngit config --global --unset credential.helper\ngit config --system --unset credential.helper\n~~~\nAn alternative is to avoid malicious URLs:\n1. Examine the hostname and username portion of URLs fed to git clone for the presence of encoded newlines (%0a) or evidence of credential-protocol injections (e.g., host=github.com)\n2. Avoid using submodules with untrusted repositories (don't use clone --recurse-submodules; use git submodule update only after examining the URLs found in .gitmodules)\n3. Avoid tools which may run git clone on untrusted URLs under the hood",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.",
            "A resource consumption issue was found in the way Xerces-J handled XML declarations. A remote attacker could use an XML document with a specially crafted declaration using a long pseudo-attribute name that, when parsed by an application using Xerces-J, would cause that application to use an excessive amount of CPU."
        ],
        "statement": "Fuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Server 4 and 5; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 4 and 5; and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "xerces-j2 2.12.0, icedtea 2.4.3, icedtea 1.12.7, icedtea 1.11.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4002\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4002\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
        ],
        "name": "CVE-2013-4002",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.",
            "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9634\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9634\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html"
        ],
        "name": "CVE-2016-9634",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nFor RHEL 5 and RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.",
            "A flaw was found in the Linux kernel's implementation of the FUSE filesystem, where it allows a page reference counter overflow. If a page reference counter overflows into a negative value, it can be placed back into the \"free\" list for reuse by other applications. This flaw allows a local attacker who can manipulate memory page reference counters to cause memory corruption and possible privilege escalation by triggering a use-after-free condition.\nThe current attack requires the system to have approximately 140 GB of RAM for this attack to be performed. It may be possible that the attack can occur with fewer memory requirements."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11487\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11487"
        ],
        "name": "CVE-2019-11487",
        "mitigation": {
            "value": "Preventing loading of the 'fuse' kernel module will prevent attackers from using this exploit against the system; howeve the functionality of being able to access the filesystems that would  be allowed by fuse would no longer be allowed . See “How do I blacklist a kernel module to prevent it from loading automatically?\" ( https://access.redhat.com/solutions/41278) for instructions on how to disable the 'fuse' kernel module from autoloading. This mitigation may not be suitable if access to the functionality provided by fuse is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.",
            "An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4556\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4556\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4556",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9."
        ],
        "statement": "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9740\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9740"
        ],
        "name": "CVE-2019-9740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10."
        ],
        "statement": "This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300.  Both identifiers refer to the same vulnerability.  Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.",
        "upstream_fix": "cups 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4300\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4300"
        ],
        "name": "CVE-2018-4300",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.",
            "A flaw was found in the Dynamic Host Configuration Protocol (DHCP). There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. This flaw allows an attacker to deliberately cause a situation where dhcpd while running in DHCPv4 or DHCPv6 mode, or the dhclient attempts to read a stored lease that contains option information, to trigger a stack-based buffer overflow in the option parsing code for colon-separated hex digits values. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability."
        ],
        "statement": "To abuse this flaw an attacker has to be on the same local sub-net of the victim machine. An attacker may send crafted DHCP messages with long lease statements that, when stored locally on file and then re-read by dhclient or dhcpd, might trigger the bug.",
        "upstream_fix": "dhcp 4.4.2-P1, dhcp 4.1-ESV-R16-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25217\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25217\nhttps://kb.isc.org/docs/cve-2021-25217"
        ],
        "name": "CVE-2021-25217",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",
            "A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token credentials are freed."
        ],
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11945\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11945\nhttp://www.squid-cache.org/Advisories/SQUID-2020_4.txt"
        ],
        "name": "CVE-2020-11945",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
        ],
        "upstream_fix": "pcp 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3696\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3696"
        ],
        "name": "CVE-2019-3696",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows an attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 7 ships systemd-journal-remote through the optional systemd-journal-gateway package, which is not installed, nor enabled by default.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16865\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16865\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16865",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.",
            "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 6.0.45, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0763\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0763\nhttp://seclists.org/bugtraq/2016/Feb/147"
        ],
        "name": "CVE-2016-0763",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-7703. Reason: This candidate is a reservation duplicate of CVE-2015-7703. Notes: All CVE users should reference CVE-2015-7703 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
            "It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals)."
        ],
        "acknowledgement": "This issue was discovered by Miroslav Lichvár (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5196"
        ],
        "name": "CVE-2015-5196",
        "mitigation": {
            "value": "Disable remote runtime configuration with ntpq or ntpdc. In the default NTP configuration on Red Hat Enterprise Linux, runtime configuration with ntpq or ntpdc is limited to localhost.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-203->CWE-385->CWE-226",
        "details": [
            "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12130"
        ],
        "csaw": true,
        "name": "CVE-2018-12130"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).",
            "By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "upstream_fix": "kernel 4.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1120\nhttp://seclists.org/oss-sec/2018/q2/122"
        ],
        "name": "CVE-2018-1120",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4733\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4733\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",
            "A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the is_mergeable_anon_vma() function continuously forks, using memory operations to trigger an incorrect reuse of leaf anon_vma. This issue allows a local attacker to crash the system."
        ],
        "upstream_fix": "Linux kernel 6.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42703\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42703\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b"
        ],
        "name": "CVE-2022-42703",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.",
            "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
        ],
        "statement": "This flaw is rated as 'Moderate' as the WebKitGTK package is shipped as a dependency for the Gnome package. Red Hat Enterprise Linux does not ship any WebKitGTK-based web browser where this flaw would present a higher severity major threat.",
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8720\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8720\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8720",
        "mitigation": {
            "value": "Red Hat has investigated whether possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2011-12-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.",
            "A denial of service flaw was found in the File Information (fileinfo) extension rules for detecting AWK files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of CPU."
        ],
        "statement": "This issue did not affect the versions of file as shipped with Red Hat Enterprise Linux 5, 6, and 7, the versions of php as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php53 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-7345\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7345"
        ],
        "name": "CVE-2013-7345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.",
            "An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2621\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2016-5314.  Reason: This candidate is a reservation duplicate of CVE-2016-5314.  Notes: All CVE users should reference CVE-2016-5314 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5320\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5320"
        ],
        "name": "CVE-2016-5320",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous working with Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5448\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5448\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5448"
        ],
        "name": "CVE-2017-5448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled query requests when using DNS64 with \"break-dnssec yes\" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter.",
        "upstream_fix": "bind 9.11.0-P5, bind 9.9.9-P8, bind 9.10.4-P8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3136\nhttps://kb.isc.org/article/AA-01465"
        ],
        "name": "CVE-2017-3136",
        "mitigation": {
            "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, André Bargull, Carsten Book, Christian Holler, Gary Kwong, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Masayuki Nakano, Mats Palmgren, Nils, Philipp, Ronald Crane, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5470\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5470\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470"
        ],
        "name": "CVE-2017-5470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3500\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3500\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "upstream_fix": "mariadb 10.1.31, mariadb 5.5.59, mariadb 10.2.13, mariadb 10.0.34, mysql 5.5.59, mysql 5.7.21, mysql 5.6.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2665\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2665\nhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        ],
        "name": "CVE-2018-2665",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function."
        ],
        "statement": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2.  For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
        "upstream_fix": "libxml2 2.9.5, Chrome 52.0.2743.82",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5131\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5131\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
        ],
        "name": "CVE-2016-5131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7638\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7638"
        ],
        "name": "CVE-2019-7638",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.",
            "The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9074"
        ],
        "name": "CVE-2017-9074",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1."
        ],
        "statement": "In general, this flaw can be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9813\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813"
        ],
        "name": "CVE-2019-9813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-226",
        "details": [
            "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
            "A flaw was found in the way Intel CPUs handle inconsistency between virtual to physical memory address translations in the CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\nSystem software like an OS or Virtual Machine Monitor (VMM) uses a virtual memory system for storing program instructions and data in memory. The virtual memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate a program's virtual memory addresses to physical memory addresses. The processor stores these address translations in its local cache buffer, called the Translation Lookaside Buffer (TLB). The TLB has two parts, one for instruction addresses and the other for data addresses.\nSystem software can modify its Paging structure entries to change address mappings or certain attributes like page size. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from the Instruction TLB (ITLB). This accesses an invalid physical memory address and halts the processor due to the Machine Check Error (MCE) on Page Size Change."
        ],
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue. Upstream acknowledges Deepak Gupta as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12207\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12207\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12207",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat vulnerability article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce .",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luật Nguyễn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9817\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9817\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817"
        ],
        "name": "CVE-2019-9817",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2792\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2792\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2792",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document. This only affects ghostscript 9.07 as shipped with Red Hat Enterprise Linux 7.",
            "It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. An attacker could possibly exploit another variant of the flaw and bypass the -dSAFER protection to, for example, execute arbitrary shell commands via a specially crafted PostScript document."
        ],
        "statement": "This vulnerability affects only Red Hat Enterprise Linux version 7. Red Hat Enterprise Linux version 6 is not affected by this vulnerability because the set of fixes for CVE-2018-16509, released via  RHSA-2018:3760, was complete.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16863\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16863"
        ],
        "csaw": true,
        "name": "CVE-2018-16863"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.",
            "It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0695\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0695\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6464\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6464"
        ],
        "name": "CVE-2014-6464",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
            "A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.\nAs this issue is rated as Important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2  kernels.",
        "acknowledgement": "Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6074\nhttps://access.redhat.com/node/2934281"
        ],
        "csaw": true,
        "name": "CVE-2017-6074",
        "mitigation": {
            "value": "Recent versions of the SELinux policy can mitigate this flaw. The steps below will work with SELinux enabled or disabled.\nAs the DCCP module will be auto-loaded when required, its use can be disabled \nby preventing the module from loading with the following instructions:\n# echo \"install dccp /bin/true\" >> /etc/modprobe.d/disable-dccp.conf \nThe system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        }
    }
]