[
    {
        "threat_severity": "Low",
        "public_date": "2018-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
        ],
        "upstream_fix": "openssl 1.1.1a, openssl 1.1.0j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0735\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0735"
        ],
        "name": "CVE-2018-0735",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have confused Thunderbird into showing the wrong origin when asking to launch a program and handling an external URL protocol."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22748\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22748"
        ],
        "name": "CVE-2022-22748",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1127",
        "details": [
            "Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nExcel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Umar Farooq (@Puf) as the original reporter.",
        "upstream_fix": "thunderbird 102.15, thunderbird 115.2, firefox 102.15, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4581\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4581\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581"
        ],
        "name": "CVE-2023-4581",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12697\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12697"
        ],
        "name": "CVE-2018-12697",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.",
            "A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-26937\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26937"
        ],
        "name": "CVE-2021-26937",
        "mitigation": {
            "value": "This flaw is in utf8 processing; if your screen configuration does not enable utf8 (through configuration such as \"defencoding utf-8\" in .screenrc), you are not vulnerable.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.",
            "It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system."
        ],
        "acknowledgement": "This issue was discovered by Lukáš Slebodník (Red Hat) and Sumit Bose.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5277\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5277\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=17079"
        ],
        "name": "CVE-2015-5277",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25735\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25735\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25735\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25735"
        ],
        "name": "CVE-2023-25735",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.",
            "It was discovered that in httpd 2.4, the internal API function ap_some_auth_required() could incorrectly indicate that a request was authenticated even when no authentication was used. An httpd module using this API function could consequently allow access that should have been denied."
        ],
        "upstream_fix": "httpd 2.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3185\nhttp://httpd.apache.org/security/vulnerabilities_24.html#2.4.16"
        ],
        "name": "CVE-2015-3185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-03-16T05:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-770",
        "details": [
            "A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.",
            "A vulnerability was found in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection. No bind or other authentication is required. This message triggers a segmentation fault that results in slapd crashing."
        ],
        "acknowledgement": "This issue was discovered by Matthew Burket (Red Hat) and Nathan Mulbrook.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0918\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0918"
        ],
        "name": "CVE-2022-0918",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1)."
        ],
        "upstream_fix": "cups 2.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18190\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18190"
        ],
        "name": "CVE-2017-18190",
        "mitigation": {
            "value": "Ensure that \"localhost.localdomain\" resolves to 127.0.0.1, for example by adding it to /etc/hosts. This is the default on Red Hat Enterprise Linux 7.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.",
            "A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate their privileges."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7 and Red Hat Enterprise MRG 2 and realtime kernels and may be addressed in a future update.\nThis has been rated as having Moderate security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Venkatesh Pottem (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8812\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8812"
        ],
        "name": "CVE-2015-8812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.",
            "A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation."
        ],
        "acknowledgement": "Red Hat would like to thank Andrew Bartlett (Catalyst and the Samba Team) and the Samba project for reporting this issue.",
        "upstream_fix": "samba 4.13.14, samba 4.14.10, samba 4.15.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25717\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25717\nhttps://www.samba.org/samba/security/CVE-2020-25717.html"
        ],
        "name": "CVE-2020-25717",
        "mitigation": {
            "value": "Setting \"gensec:require_pac=true\" in the smb.conf makes, due to a cache prime in winbind, the DOMAIN\\user lookup succeed, provided nss_winbind is in use, 'winbind use default domain = no' (the default) and no error paths are hit.  \nIt would be prudent to pre-create disabled users in Active Directory matching on all privileged names not held in Active Directory, eg \n~~~\nsamba-tool user add root -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\nsamba-tool user add ubuntu -H ldap://$SERVER -U$USERNAME%$PASSWORD --random-password\n~~~\n(repeat for eg all system users under 1000 in /etc/passwd or special to any other AD-connected services, eg perhaps \"admin\" for a web-app)",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1833\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1833"
        ],
        "name": "CVE-2016-1833",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
            "A flaw was found in OpenSSL. It is possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing happens before verification of the certificate signature, any process that parses an externally supplied certificate may be subject to a denial of service attack."
        ],
        "statement": "While Red Hat initially stated not to be directly affected by this flaw, after further investigation we found that the versions of OpenSSL as shipped in Red Hat Enterprise Linux 6, 7, and 8 are vulnerable to a denial of service attack through malicious Elliptic Curve parameters. During processing of the parameters OpenSSL will call BN_mod_sqrt() with invalid arguments, causing the process to enter an infinite loop. The invalid EC parameters can be provided to OpenSSL through X.509 certificates (used in TLS connections), through public and private keys, through certificate signing requests and other places where applications process Elliptic Curve parameters. The flaw has been rated as having a security impact of Important. A future update will address this issue in Red Hat Enterprise Linux 6, 7 and 8.",
        "upstream_fix": "openssl 1.1.1n, openssl 3.0.2, openssl 1.0.2zd",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0778\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0778\nhttps://www.openssl.org/news/secadv/20220315.txt"
        ],
        "name": "CVE-2022-0778",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP archive has a crafted relationship between the compressed-size value and the uncompressed-size value, because a buffer size is 10 and is supposed to be 12."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18384\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18384"
        ],
        "name": "CVE-2018-18384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip."
        ],
        "statement": "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
        "upstream_fix": "bootstrap 4.1.2, bootstrap 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14042\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14042"
        ],
        "name": "CVE-2018-14042",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8686\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8686\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Seri, Gregory Vishnepolsky, and Samy Kamkar as the original reporters.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23961\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23961\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23961"
        ],
        "name": "CVE-2021-23961",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.",
            "A flaw was found in the way the Intel Wireless driver in the Linux kernel handled resource cleanup during Gen 3 device initialization. This flaw allows an attacker with the ability to restrict access to DMA coherent memory on device initialization, to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (ability to restrict access to dma coherent memory on device initialization).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19059\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19059"
        ],
        "name": "CVE-2019-19059",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlwifi. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry tokens were desupported incorrectly."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15854\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15854"
        ],
        "name": "CVE-2018-15854",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.",
            "A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application."
        ],
        "acknowledgement": "Red Hat would like to thank Stephane Chazelas for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0475\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0475"
        ],
        "name": "CVE-2014-0475",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCertain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abraruddin Khan and Omair as the original reporters.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26971\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26971\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26971"
        ],
        "name": "CVE-2020-26971",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->(CWE-125|CWE-787)",
        "details": [
            "The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) __glXDisp_Render, (2) __glXDisp_RenderLarge, (3) __glXDispSwap_VendorPrivate, (4) __glXDispSwap_VendorPrivateWithReply, (5) set_client_info, (6) __glXDispSwap_SetClientInfoARB, (7) DoSwapInterval, (8) DoGetProgramString, (9) DoGetString, (10) __glXDispSwap_RenderMode, (11) __glXDisp_GetCompressedTexImage, (12) __glXDispSwap_GetCompressedTexImage, (13) __glXDisp_FeedbackBuffer, (14) __glXDispSwap_FeedbackBuffer, (15) __glXDisp_SelectBuffer, (16) __glXDispSwap_SelectBuffer, (17) __glXDisp_Flush, (18) __glXDispSwap_Flush, (19) __glXDisp_Finish, (20) __glXDispSwap_Finish, (21) __glXDisp_ReadPixels, (22) __glXDispSwap_ReadPixels, (23) __glXDisp_GetTexImage, (24) __glXDispSwap_GetTexImage, (25) __glXDisp_GetPolygonStipple, (26) __glXDispSwap_GetPolygonStipple, (27) __glXDisp_GetSeparableFilter, (28) __glXDisp_GetSeparableFilterEXT, (29) __glXDisp_GetConvolutionFilter, (30) __glXDisp_GetConvolutionFilterEXT, (31) __glXDisp_GetHistogram, (32) __glXDisp_GetHistogramEXT, (33) __glXDisp_GetMinmax, (34) __glXDisp_GetMinmaxEXT, (35) __glXDisp_GetColorTable, (36) __glXDisp_GetColorTableSGI, (37) GetSeparableFilter, (38) GetConvolutionFilter, (39) GetHistogram, (40) GetMinmax, or (41) GetColorTable function.",
            "Multiple out-of-bounds write flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8098\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8098\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8098",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alesandro Ortiz as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32205\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32205\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32205\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32205"
        ],
        "name": "CVE-2023-32205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3901\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3901\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3901",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.",
            "A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1950\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1950\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-35"
        ],
        "name": "CVE-2016-1950",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2964\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2964"
        ],
        "name": "CVE-2019-2964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.",
            "A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings. As a result, OpenLDAP could potentially use ciphers that were not intended to be enabled."
        ],
        "statement": "This issue does not affect the version of openldap package as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the version of openldap package as shipped with Red Hat Enterprise Linux 8.",
        "acknowledgement": "This issue was discovered by Martin Poole (Red Hat Software Maintenance Engineering group).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3276\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3276"
        ],
        "name": "CVE-2015-3276",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",
            "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18017\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18017"
        ],
        "name": "CVE-2017-18017",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-328",
        "details": [
            "Netlogon RPC Elevation of Privilege Vulnerability",
            "A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the same MD5 calculation and replace it without being detected."
        ],
        "upstream_fix": "samba 4.16.8, samba 4.15.13, samba 4.15.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38023\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38023\nhttps://www.samba.org/samba/security/CVE-2022-38023.html"
        ],
        "name": "CVE-2022-38023",
        "mitigation": {
            "value": "Users can disable MD5-based NetLogon by adding the following snippet to their smb.conf\n~~~\nreject md5 clients = yes \n~~~\nin case there's still need to allow SMB to authenticate to MD5-based NetLogon servers, it's possible to explicitly\nenable it per-server based:\n~~~\nserver reject md5 schannel:<SERVERNAME>$ = no\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
        ],
        "upstream_fix": "dhcp 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6470\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6470\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
        ],
        "name": "CVE-2019-6470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Shaheen Fazim as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2609\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2609\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-2609\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-2609"
        ],
        "name": "CVE-2024-2609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122->CWE-787",
        "details": [
            "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.",
            "A flaw was found where a maliciously crafted pf2 font could lead to an out-of-bounds write in grub2. A successful attack can lead to memory corruption and secure boot circumvention."
        ],
        "acknowledgement": "Red Hat would like to thank Zhang Boyang for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2601\nhttps://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html"
        ],
        "name": "CVE-2022-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-46143\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46143\nhttps://github.com/libexpat/libexpat/issues/532"
        ],
        "name": "CVE-2021-46143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-305",
        "details": [
            "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" principal.",
            "It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as \"kad/x\") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9422\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9422\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9422",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16423\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16423\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16423",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream."
        ],
        "upstream_fix": "thunderbird 78.1, thunderbird 68.11, firefox 68.11, chromium-browser 84.0.4147.89",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6514\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6514\nhttps://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2020-6514",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805",
        "details": [
            "An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7225\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7225"
        ],
        "name": "CVE-2018-7225",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",
            "A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support (for example, ext4 with the \"noacl\" mount option). This flaw allows a local attacker with a user privilege to cause a kernel information leak problem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-24394\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24394"
        ],
        "name": "CVE-2020-24394",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-05-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.",
            "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system."
        ],
        "statement": "The impact is Moderate, because the double free happens during flush procedure, and no use of incorrect data during flush finishing even if double free could happen without kernel crash.",
        "acknowledgement": "Red Hat would like to thank HaoXiong,  LinMa (ckSec) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3564\nhttps://www.openwall.com/lists/oss-security/2021/05/25/1"
        ],
        "name": "CVE-2021-3564",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.",
            "A flaw was found in the Linux kernel's implementation of valid_master_desc() in which a memory buffer would be compared to a userspace value with an incorrect size of comparison. By bruteforcing the comparison, an attacker could determine what was in memory after the description and possibly obtain sensitive information from kernel memory."
        ],
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13305\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13305"
        ],
        "name": "CVE-2017-13305",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8679\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8679\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8679",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29989\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29989"
        ],
        "name": "CVE-2021-29989",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.",
            "A NULL pointer dereference flaw was found in MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3119"
        ],
        "name": "CVE-2016-3119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-862|CWE-306)",
        "details": [
            "When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2."
        ],
        "upstream_fix": "Firefox 68.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11733\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11733\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-24/"
        ],
        "name": "CVE-2019-11733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14782\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14782"
        ],
        "name": "CVE-2020-14782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8812\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8812",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.",
            "A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process."
        ],
        "upstream_fix": "samba 4.4.8, samba 4.5.3, samba 4.3.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2126\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2126\nhttps://www.samba.org/samba/security/CVE-2016-2126.html"
        ],
        "name": "CVE-2016-2126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6764\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6764"
        ],
        "name": "CVE-2018-6764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.",
            "A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and will be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9555\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9555"
        ],
        "name": "CVE-2016-9555",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.",
            "It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15649\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15649"
        ],
        "name": "CVE-2017-15649",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.",
            "The Linux kernel was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service."
        ],
        "statement": "If you're not running container images or creating net namespaces exposed to potentially malicious workloads, this issue has a security impact of moderate. This issue has an important impact if the system is being used to run container images with untrusted content, such as an OpenShift Container Platform compute node.",
        "acknowledgement": "Red Hat would like to thank Christian Brauner for reporting this issue.",
        "upstream_fix": "kernel 4.15-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14646"
        ],
        "name": "CVE-2018-14646",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
        ],
        "upstream_fix": "squid 4.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12525\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12525\nhttp://www.squid-cache.org/Advisories/SQUID-2019_3.txt"
        ],
        "name": "CVE-2019-12525",
        "mitigation": {
            "value": "Remove 'auth_param digest ...' configuration settings from squid.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-119",
        "details": [
            "rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier allows remote attackers to cause a denial of service (crash), possibly execute arbitrary code, or have other unspecified impact via a crafted priority (PRI) value that triggers an out-of-bounds array access.",
            "A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially in rsyslog 7.x, execute arbitrary code as the user running the rsyslog daemon."
        ],
        "acknowledgement": "Red Hat would like to thank Rainer Gerhards (rsyslog upstream) for reporting this issue.",
        "upstream_fix": "rsyslog 8.4.1, rsyslog 7.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3634\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3634\nhttp://www.rsyslog.com/remote-syslog-pri-vulnerability/"
        ],
        "name": "CVE-2014-3634",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a same-origin policy violation that could have allowed the theft of cross-origin URL entries, leaking the result of a redirect via `performance.getEntries()`."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Lee as the original reporter.",
        "upstream_fix": "thunderbird 102.4, firefox 102.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42927\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42927\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42927\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42927"
        ],
        "name": "CVE-2022-42927",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.",
            "A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of certain checks may allow a privileged user (\"root\") to achieve an out-of-bounds write, resulting in user space buffer corruption."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9516\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9516"
        ],
        "name": "CVE-2018-9516",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put().",
            "A flaw was found in the Linux kernel's handling of fork failure when dealing with event messages in the userfaultfd code. Failure to fork correctly can create a fork event that will be removed from an already freed list of events."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, realtime, MRG-2 prior to version kernel-3.10.0-781.\nThe kernel-alt package as shipped already contains this fix.",
        "acknowledgement": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15126\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15126"
        ],
        "name": "CVE-2017-15126",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs."
        ],
        "upstream_fix": "libxml2 2.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19956\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19956"
        ],
        "name": "CVE-2019-19956",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3855\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3855\nhttps://www.libssh2.org/CVE-2019-3855.html"
        ],
        "name": "CVE-2019-3855",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
            "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the FUJITSU Extended Socket Network driver. The return value of a call to alloc_workqueue was not validated, which causes a denial of service at the time of failure. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16231\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16231\nhttps://lkml.org/lkml/2019/9/9/487\nhttps://security.netapp.com/advisory/ntap-20191004-0001/"
        ],
        "name": "CVE-2019-16231",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2655\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2655"
        ],
        "name": "CVE-2020-2655",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse.",
            "An out-of-bounds write flaw was found in the way OpenSSL reused certain ASN.1 structures. A remote attacker could possibly use a specially crafted ASN.1 structure that, when parsed by an application, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper as the original reporter.",
        "upstream_fix": "openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.1m, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0287\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0287\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0287",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Insufficient access control in subsystem for Intel(R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.",
            "A flaw was found in Intel graphics hardware (GPU) where a local attacker with the ability to issue an ioctl could trigger a hardware level crash if MMIO registers were read while the graphics card was in a low-power state. This creates a denial of service situation and the GPU and connected displays will remain unusable until a reboot occurs."
        ],
        "statement": "Intel plans to release BIOS firmware to correct this issue. Red Hat's kernel update should mitigate this vulnerability. Some older hardware will not have BIOS firmware update and will rely on operating system level protection to prevent access while the device is in low-power states. For more information see https://access.redhat.com/solutions/i915-graphics",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0154\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0154\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
        ],
        "name": "CVE-2019-0154",
        "mitigation": {
            "value": "Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.",
            "A use-after-free flaw was found in qfq_dequeue and agg_dequeue in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This issue may allow a local user to crash the system or escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4921\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4921\nhttps://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8"
        ],
        "name": "CVE-2023-4921",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20926\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20926\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20926",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Plaintext of decrypted emails can leak through a user submitting an embedded form. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5185\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5185\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185"
        ],
        "name": "CVE-2018-5185",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could have provided malicious data in a `PathRecording`, resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sonakkbi as the original reporter.",
        "upstream_fix": "firefox 115.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5169\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5169"
        ],
        "name": "CVE-2023-5169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3864\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3864\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.",
            "A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table)."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2069\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2069\nhttp://seclists.org/oss-sec/2016/q1/194"
        ],
        "name": "CVE-2016-2069",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.",
            "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13405\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13405"
        ],
        "name": "CVE-2018-13405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",
            "A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Billy Bob Brumley (Network and Information Security Group (NISEC), Cesar Pereida (Network and Information Security Group (NISEC), Nicola Tuveri (Network and Information Security Group (NISEC), and Yuval Yarom (Network and Information Security Group (NISEC) as the original reporters.",
        "upstream_fix": "nss 3.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6829\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6829\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        ],
        "name": "CVE-2020-6829",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as there is no user namespace support in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Eric W. Biederman (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4581\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4581"
        ],
        "name": "CVE-2016-4581",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-393",
        "details": [
            "arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.",
            "A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Low security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2830"
        ],
        "name": "CVE-2015-2830",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a specially crafted PDF file."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Low, and a future update may address this flaw.",
        "acknowledgement": "Red Hat would like to thank Hosein Askari for reporting this issue.",
        "upstream_fix": "poppler 0.67.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13988\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13988"
        ],
        "name": "CVE-2018-13988",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8563\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8563"
        ],
        "name": "CVE-2019-8563",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A malicious third-party can give a crafted \"ssh://...\" URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running \"git clone --recurse-submodules\" to trigger the vulnerability.",
            "A shell command injection flaw related to the handling of \"ssh\" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a \"clone\" action on a malicious repository or a legitimate repository containing a malicious commit."
        ],
        "upstream_fix": "git 2.7.6, git 2.13.5, git 2.10.4, git 2.8.6, git 2.11.3, git 2.12.4, git 2.9.5, git 2.14.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000117\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000117\nhttp://blog.recurity-labs.com/2017-08-10/scm-vulns\nhttps://lkml.org/lkml/2017/8/10/757"
        ],
        "name": "CVE-2017-1000117",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.",
            "A flaw was found in the Linux kernel’s virtual console resize functionality. An attacker with local access to virtual consoles can use the virtual console resizing code to gather kernel internal data structures."
        ],
        "statement": "This flaw is rated as having Moderate impact because the information leak is limited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8647\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8647"
        ],
        "name": "CVE-2020-8647",
        "mitigation": {
            "value": "The attack vector can be significantly reduced by preventing users from being able to log into the local virtual console.\nSee the instructions on disabling local login here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_smart_cards/pam_configuration_files , See the section on \"pam_console\" to deny users logging into the console.  This mechanism should work from el6 forward to current versions of Red Hat Enterprise Linux.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3261\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3261"
        ],
        "name": "CVE-2017-3261",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device.",
            "An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code where the flaw was found is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7294\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7294"
        ],
        "name": "CVE-2017-7294",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208.  Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
            "This record is a duplicate of CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208. Do not use this CVE record: CVE-2023-4128."
        ],
        "statement": "All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4128\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4128\nhttps://access.redhat.com/security/cve/CVE-2023-4206\nhttps://access.redhat.com/security/cve/CVE-2023-4207\nhttps://access.redhat.com/security/cve/CVE-2023-4208"
        ],
        "name": "CVE-2023-4128",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",
            "A flaw was found in the Linux kernel’s implementation of the Marvell wifi driver, which can allow a local user who has CAP_NET_ADMIN or administrative privileges to possibly cause a Denial Of Service (DOS) by corrupting memory and possible code execution."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14814\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
        ],
        "name": "CVE-2019-14814",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Andrew Osmond, Emily McDonough, Gabriele Svelto, Sebastian Hengst, and the Mozilla Fuzzing Team as the original reporters.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32215\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32215\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215"
        ],
        "name": "CVE-2023-32215",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-787",
        "details": [
            "In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
            "A flaw was found in the USB monitor driver of the Linux kernel. This flaw allows an attacker with physical access to the system to crash the system or potentially escalate their privileges."
        ],
        "statement": "This issue is rated as having Low impact because of the need of physical access and debugfs mounted.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9456\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9456"
        ],
        "name": "CVE-2019-9456",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.",
            "An out-of-bounds read flaw was found in the X509_cmp_time() function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL (Certificate Revocation List), which when parsed by an application would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1789\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1789"
        ],
        "name": "CVE-2015-1789",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.",
            "An open redirect flaw was discovered in mod_auth_openidc where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with slash and backslash at the beginning to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect him to another, possibly malicious, URL."
        ],
        "statement": "It is not possible to reproduce the open redirect vulnerability in the versions of mod_auth_openidc as shipped in Red Hat Enterprise Linux 7, as a missing check makes the process crash, due to a NULL pointer dereference, instead of letting it continue with an invalid URL.",
        "upstream_fix": "mod_auth_openidc 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20479\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20479"
        ],
        "name": "CVE-2019-20479",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Richard Thomas and Tom Chothia (University of Birmingham) as the original reporter.",
        "upstream_fix": "thunderbird 78.3, firefox 78.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15677\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15677\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677"
        ],
        "name": "CVE-2020-15677",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOffscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Max Vlasov as the original reporter.",
        "upstream_fix": "thunderbird 115.1, thunderbird 102.14, firefox 102.14, firefox 115.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4045\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4045\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4045"
        ],
        "name": "CVE-2023-4045",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.",
            "A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, JBoss Enterprise Web Server 1 and 2, and JBoss Application Platform 6.",
        "upstream_fix": "httpd 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3581\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3581"
        ],
        "name": "CVE-2014-3581",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-250",
        "details": [
            "Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "A flaw was found in the Linux kernel's implementation of GVT-g which allowed an attacker with access to a 'passed through' Intel i915 graphics card to possibly access resources allocated to other virtual machines, crash the host, or possibly corrupt memory leading to privilege escalation."
        ],
        "upstream_fix": "kernel 5.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11085\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11085\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00249.html"
        ],
        "name": "CVE-2019-11085",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
            "A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "statement": "For the Red Hat Enterprise Linux default configuration, the issue occurs only if a local user is running malicious code on GPU. The GPU is used and the user is required to have privileges to access the i915 Intel GPU.",
        "upstream_fix": "kernel 5.17-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0330\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0330\nhttps://www.openwall.com/lists/oss-security/2022/01/25/12"
        ],
        "name": "CVE-2022-0330",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
            "A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zürich) and Kaveh Razavi (ETH Zürich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29900\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29900\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-29900",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.",
            "A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding requests, or exhaust system sockets (denial of service)."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "dhcp 4.1-ESV-R13, dhcp 4.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2774\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2774\nhttps://kb.isc.org/article/AA-01354"
        ],
        "name": "CVE-2016-2774",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls. This issue affects kernel versions before 4.8.",
            "A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3901\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3901"
        ],
        "name": "CVE-2019-3901",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.",
            "A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library."
        ],
        "upstream_fix": "libssh2 1.10.0, libssh2 1.11.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-22218\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-22218"
        ],
        "name": "CVE-2020-22218",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-454",
        "details": [
            "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.",
            "It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2922\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2922"
        ],
        "name": "CVE-2015-2922",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.",
            "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10928\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10928"
        ],
        "name": "CVE-2018-10928",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.",
            "A use-after-free flaw was observed in blkdev_get(), in fs/block_dev.c after a call to __blkdev_get() fails, and its refcount gets freed/released. This problem may cause a denial of service problem with a special user privilege, and may even lead to a confidentiality issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15436\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15436"
        ],
        "name": "CVE-2020-15436",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.",
            "A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force system to utilize only half of the memory (making the system think the software is 32-bit only), thus lowering the amount of memory being used with address space layout randomization (ASLR). The highest threat is confidentiality although the complexity of attack is high. The affected application must already have other vulnerabilities for this flaw to be usable."
        ],
        "upstream_fix": "glibc 2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19126\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19126"
        ],
        "name": "CVE-2019-19126",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nTo harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ryan VanderMeulen and Dan Minor as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2616\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2616\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2616\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2616"
        ],
        "name": "CVE-2024-2616",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.",
            "A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request, effectively bypassing the protection provided by CSRF tokens. A remote attacker with an account on the mailman system can use this flaw to perform a CSRF attack and perform operations on behalf of the victim admin."
        ],
        "acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat Product Security).",
        "upstream_fix": "mailman 2.1.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-44227\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44227"
        ],
        "name": "CVE-2021-44227",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7643\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7643"
        ],
        "name": "CVE-2018-7643",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption, some of which could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22764\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764"
        ],
        "name": "CVE-2022-22764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.",
            "The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping."
        ],
        "upstream_fix": "kernel 4.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18208\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18208\nhttps://lwn.net/Articles/618064/\nhttps://www.kernel.org/doc/Documentation/filesystems/dax.txt"
        ],
        "name": "CVE-2017-18208",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.",
            "It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5542\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5542\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5542",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12767\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12767"
        ],
        "name": "CVE-2020-12767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.",
            "It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Marco Grassi for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8645\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8645"
        ],
        "name": "CVE-2016-8645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string."
        ],
        "upstream_fix": "glibc 2.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15670\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15670"
        ],
        "name": "CVE-2017-15670",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
            "An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be  addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11478\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11478\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "name": "CVE-2019-11478",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21476\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21476"
        ],
        "name": "CVE-2022-21476",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a \"type confusion\" issue."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2728\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2728\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-61.html"
        ],
        "name": "CVE-2015-2728",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alfred Peters as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1546\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1546\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1546\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1546"
        ],
        "name": "CVE-2024-1546",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.",
            "An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances."
        ],
        "upstream_fix": "bash 4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7543\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7543"
        ],
        "name": "CVE-2016-7543",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2815\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2815"
        ],
        "name": "CVE-2018-2815",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.",
            "A type confusion vulnerability was found in OpenSSL's processing of X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network."
        ],
        "statement": "Shim in Red Hat Enterprise Linux 8 & 9 is not affected, as shim doesn't support any CRL processing.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0286\nhttps://www.openssl.org/news/secadv/20230207.txt"
        ],
        "name": "CVE-2023-0286",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.",
            "A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This issue poses a threat to the stability and availability of the Squid service."
        ],
        "statement": "Squid configurations lacking the \"follow_x_forwarded_for\" setting are not susceptible to the vulnerability.",
        "upstream_fix": "squid 6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-50269\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50269\nhttp://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
        ],
        "name": "CVE-2023-50269",
        "mitigation": {
            "value": "Remove all \"follow_x_forwarded_for\" lines from squid.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.",
            "Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7541\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7541"
        ],
        "name": "CVE-2017-7541",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.",
            "A flaw was found in the TC flower classifier (cls_flower) in the Networking subsystem of the Linux kernel. This issue occurs when sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, which results in an out-of-bounds write when the third packet enters fl_set_geneve_opt, potentially leading to a denial of service or privilege escalation."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as it did not include support for the TC flower classifier.",
        "upstream_fix": "kernel 6.4-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-35788\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35788\nhttps://www.openwall.com/lists/oss-security/2023/06/07/1"
        ],
        "name": "CVE-2023-35788",
        "mitigation": {
            "value": "This flaw can be mitigated by preventing the affected `cls_flower` kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2024-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Manfred Paul via Trend Micro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "firefox 115.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-29944\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-29944\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-16/#CVE-2024-29944"
        ],
        "name": "CVE-2024-29944",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0797\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-47.html"
        ],
        "name": "CVE-2015-0797",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abraruddin Khan and Omair as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23994\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23994\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23994"
        ],
        "name": "CVE-2021-23994",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-250|CWE-122)",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.",
            "A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27365\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27365\nhttps://www.openwall.com/lists/oss-security/2021/03/06/1"
        ],
        "name": "CVE-2021-27365",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required; its use can be disabled by preventing the module from loading with the following instructions:\n~~~\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\n~~~\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation.",
            "A flaw was found in the way PostgreSQL handled certain errors that were generated during protocol synchronization. An authenticated database user could use this flaw to inject queries into an existing connection."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Emil Lenngren as the original reporter.",
        "upstream_fix": "postgresql 9.3.6, postgresql 9.2.10, postgresql 9.0.19, postgresql 9.4.1, postgresql 9.1.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0244\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0244",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.",
            "A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tim Taubert as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1979\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1979\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-36"
        ],
        "name": "CVE-2016-1979",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4475\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4475\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-80.html"
        ],
        "name": "CVE-2015-4475",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges CESG (the Information Security Arm of GCHQ) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2808\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2808\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-47.html"
        ],
        "name": "CVE-2016-2808",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-384",
        "details": [
            "When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.",
            "It was found that tomcat's FORM authentication allowed a very small period in which an attacker could possibly force a victim to use a valid user session, or Session Fixation. While practical exploit of this issue is deemed highly improbable, an abundance of caution merits it be considered a flaw. The highest threat from this vulnerability is to system availability, but also threatens data confidentiality and integrity."
        ],
        "statement": "All affected Red Hat products providing the affected component code should update their setups per the product fixes given.\nThe following Red Hat products are out of support scope for Low Impact flaws, and as such will not issue security fixes:\nRed Hat Enterprise Linux 5\nRed Hat Enterprise Linux 6\nRed Hat JBoss BPM Suite 6\nRed Hat JBoss BRMS 6",
        "upstream_fix": "tomcat 9.0.30, tomcat 8.5.50, tomcat 7.0.99",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17563\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17563\nhttp://mail-archives.apache.org/mod_mbox/www-announce/201912.mbox/%3C21b7a375-7297-581b-1f8e-06622d36775b@apache.org%3E\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.30\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.99\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.50"
        ],
        "name": "CVE-2019-17563",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it doesn't provide support for AUTH chunks.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue. This issue has been fixed in Red Hat Enterprise MRG via RHSA-2014:1083.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5077\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5077"
        ],
        "name": "CVE-2014-5077",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in a crash and possibly memory corruption. This attack appears to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
            "An address corruption flaw was discovered in the Linux kernel built with hardware breakpoint (CONFIG_HAVE_HW_BREAKPOINT) support. While modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an unprivileged user/process could use this flaw to crash the system kernel resulting in DoS OR to potentially escalate privileges on the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000199"
        ],
        "name": "CVE-2018-1000199",
        "mitigation": {
            "value": "To mitigate this issue:\n1) Save the following script in a 'CVE-2018-1000199.stp' file.\n---\nprobe kernel.function(\"ptrace_set_debugreg\") {\nif ($n < 4)\n$n = 4; /* set invalid debug register #, returns -EIO */\n}\nprobe begin {\nprintk(0, \"CVE-2018-1000199 mitigation loaded\")\n}\nprobe end {\nprintk(0, \"CVE-2018-1000199 mitigation unloaded\")\n}\n---\n2)  Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo  kernel-debuginfo-common\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2018_1000199.ko -g CVE-2018-1000199.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2018_1000199.ko",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anne van Kesteren and Karl Tomlinson as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45403\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45403\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45403\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45403"
        ],
        "name": "CVE-2022-45403",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tom Tung and Karl Tomlinson as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12410\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        ],
        "name": "CVE-2020-12410",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16419\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16419\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16419",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.",
            "The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9084\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9084"
        ],
        "name": "CVE-2016-9084",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An attacker could have caused 4 bytes of HMAC output to be written past the end of a buffer stored on the stack. This could be used by an attacker to execute arbitrary code or more likely lead to a crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a buffer stored on the memory stack. This could allow an attacker to execute arbitrary code or lead to a crash. This flaw can be exploited over the network."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11759\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11759\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759"
        ],
        "name": "CVE-2019-11759",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges R (Zero Day LLC) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18498\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18498\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18498"
        ],
        "name": "CVE-2018-18498",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nGetBoundName could return the wrong version of an object when JIT optimizations were applied."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Logan Stratton as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3852\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3852\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3852\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3852"
        ],
        "name": "CVE-2024-3852",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22823\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22823\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22823",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7.\nThis issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19607\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19607"
        ],
        "name": "CVE-2018-19607",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191",
        "details": [
            "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise Linux 8.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14362\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14362\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html"
        ],
        "name": "CVE-2020-14362",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15863\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15863"
        ],
        "name": "CVE-2018-15863",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7317\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7317"
        ],
        "name": "CVE-2019-7317",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.\nThe specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.",
            "A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution."
        ],
        "statement": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.",
        "upstream_fix": "gstreamer-plugins-bad-free 1.22.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-44446\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-44446\nhttps://gstreamer.freedesktop.org/security/sa-2023-0010.html\nhttps://www.zerodayinitiative.com/advisories/ZDI-CAN-22299"
        ],
        "name": "CVE-2023-44446",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1964\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1964\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-27.html"
        ],
        "name": "CVE-2016-1964",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.",
            "It was found that the fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes."
        ],
        "statement": "This vulnerability affects gluster servers that use 'auth.allow' to restrict access to gluster volumes. Gluster servers using TLS to authenticate gluster clients are not affected by this. This vulnerability allows any client to connect to any gluster volume which only uses auth.allow to restrict access.\nThis issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7 because only gluster client is shipped in these products. CVE-2018-1112 affects glusterfs-server package as shipped with Red Hat Gluster Storage 3.",
        "upstream_fix": "glusterfs 3.10.12, glusterfs 4.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1112\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1112\nhttps://access.redhat.com/articles/3422521"
        ],
        "csaw": true,
        "name": "CVE-2018-1112",
        "mitigation": {
            "value": "1. Use TLS Authentication to authenticate gluster clients to limit access to gluster storage volumes\n2. The gluster server should be on LAN, firewalled to trusted systems, and not reachable from public networks.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2725\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2725\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.html"
        ],
        "name": "CVE-2015-2725",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.",
            "A vulnerability was found in the Linux kernel where filesystems mounted with data=ordered mode may allow an attacker to read stale data from recently allocated blocks in new files after a system 'reset' by abusing ext4 mechanics of delayed allocation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Takeshi Nishimura (NEC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7495\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7495\nhttp://seclists.org/oss-sec/2017/q2/259\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824"
        ],
        "name": "CVE-2017-7495",
        "mitigation": {
            "value": "Alternative filesystems may be used in place of ext4 in case of sensitive data leak. Alternatively, don't hard reset the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.",
            "It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6797\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6797",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.",
            "Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2177\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2177\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2177",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5272\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5272\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5272",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22045\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22045"
        ],
        "name": "CVE-2023-22045",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191",
        "details": [
            "A flaw was found in xorg-x11-server before 1.20.9. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server. An integer underflow in the X input extension protocol decoding in the X server may lead to arbitrary access of memory contents. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise Linux 8.",
        "acknowledgement": "Red Hat would like to thank X.org project for reporting this issue. Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "xorg-x11-server 1.20.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14346\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14346\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html"
        ],
        "name": "CVE-2020-14346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.",
            "Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a host memory leakage issue. It could occur while emulating the VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory, potentially resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Dmitry Vyukov (Google Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2596\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2596"
        ],
        "name": "CVE-2017-2596",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5429\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5429\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5429"
        ],
        "name": "CVE-2017-5429",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCertain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free issue, causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22740\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740"
        ],
        "name": "CVE-2022-22740",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.",
            "The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "upstream_fix": "kernel 4.2-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8956\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8956"
        ],
        "name": "CVE-2015-8956",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.",
            "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
        ],
        "statement": "This bind flaw can be exploited by a remote attacker (AV:N) by opening a large number of simultaneous TCP client connections with the server. No special exploit code is required apart from the ability to open a large number of TCP connections simultaneously, either from one attacker machine or via some distributed attacker network (AC:L and PR:L). No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. Also, in cases where the named process is not limited by OS-enforced per-process limits, this could cause exhaustion of available free file descriptors on the system running the named server, causing denial of service for other processes running on that machine (S:C).",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges AT&T as the original reporter.",
        "upstream_fix": "bind 9.11.7, bind 9.11.6-P1, bind 9.14.1, bind 9.12.4-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5743\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5743\nhttps://kb.isc.org/docs/cve-2018-5743"
        ],
        "name": "CVE-2018-5743",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.",
            "A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser."
        ],
        "statement": "This flaw is considered Low, because it requires the attacker to first request or predict a valid nonce. Without a valid nonce, no arbitrary HTML will be sent back to the victim's browser.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10146\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10146"
        ],
        "name": "CVE-2019-10146",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.",
            "An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4998\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4998"
        ],
        "name": "CVE-2016-4998",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22747\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747"
        ],
        "name": "CVE-2022-22747",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue. Upstream acknowledges the Xorg project as the original reporter.",
        "upstream_fix": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4009\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4009\nhttps://lists.x.org/archives/xorg-announce/2021-December/003122.html\nhttps://lists.x.org/archives/xorg-announce/2021-December/003124.html"
        ],
        "name": "CVE-2021-4009",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-20T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.",
            "A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fooled into giving the information of a different host to the client. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as the vulnerable version of git, version 1.7.9-rc0 and later, was never made available for this product.",
        "acknowledgement": "Red Hat would like to thank the Git project for reporting this issue. Upstream acknowledges Carlo Arenas as the original reporter.",
        "upstream_fix": "git 2.25.4, git 2.18.4, git 2.24.3, git 2.21.3, git 2.23.3, git 2.26.2, git 2.20.4, git 2.22.4, git 2.19.5, git 2.17.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11008\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11008\nhttps://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7\nhttps://lore.kernel.org/git/xmqq4kterq5s.fsf@gitster.c.googlers.com/"
        ],
        "name": "CVE-2020-11008",
        "mitigation": {
            "value": "The most complete workaround is to disable credential helpers altogether:\n~~~\ngit config --unset credential.helper\ngit config --global --unset credential.helper\ngit config --system --unset credential.helper\n~~~\nAn alternative is to avoid malicious URLs:\n1. Examine the hostname and username portion of URLs fed to git clone or git fetch for the presence of encoded newlines (%0A) or syntactic oddities (e.g., http:///host with three slashes).\n2. Avoid using submodules with untrusted repositories (don't use git clone --recurse-submodules; use git submodule update only after examining the URLs found in .gitmodules).\n3. Avoid tools which may run git clone on untrusted URLs under the hood.\n4. Avoid using the credential helper by only cloning publicly available repositories.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.",
            "A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to \"0\". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6054\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6054"
        ],
        "name": "CVE-2014-6054",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.",
            "A flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27363\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27363\nhttps://www.openwall.com/lists/oss-security/2021/03/06/1"
        ],
        "name": "CVE-2021-27363",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required; its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29988\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29988"
        ],
        "name": "CVE-2021-29988",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-25T12:53:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.",
            "There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev during resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep, and the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode."
        ],
        "statement": "This issue is rated as having Low impact as high privilege access is needed to trigger this problem. It requires access to /dev/ptpX, which is a privileged operation; removing the module is also needed (again, a privileged operation).",
        "upstream_fix": "kernel 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10690\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10690"
        ],
        "name": "CVE-2020-10690",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user ID, or by adding another user ID. If Thunderbird imports and accepts the crafted key, the Thunderbird user may falsely conclude that the false user ID belongs to the correspondent. This vulnerability affects Thunderbird < 78.9.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Neal Walfield as the original reporter.",
        "upstream_fix": "thunderbird 78.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23992\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23992"
        ],
        "name": "CVE-2021-23992",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20225\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20225"
        ],
        "name": "CVE-2021-20225",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Mateusz Guzik (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0206\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0206"
        ],
        "name": "CVE-2014-0206",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.",
            "A flaw was found in the Linux kernel’s block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the systems block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20856"
        ],
        "name": "CVE-2018-20856",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0831\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0831\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-16"
        ],
        "name": "CVE-2015-0831",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5442\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5442\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5442"
        ],
        "name": "CVE-2017-5442",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10356\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10356"
        ],
        "name": "CVE-2017-10356",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.",
            "It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys."
        ],
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "upstream_fix": "ipa 4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2590"
        ],
        "name": "CVE-2017-2590",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.",
            "A flaw was found in the way the rx_queue_add_kobject and netdev_queue_add_kobject functions in the Linux kernel handled refcounting of certain objects. This flaw allows a local user who can trigger the error code path to use this vulnerability to disturb the integrity of the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error code path (privileges).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20811\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e"
        ],
        "name": "CVE-2019-20811",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering nl80211hdr_put() failures, aka CID-1399c59fa929. NOTE: third parties dispute the relevance of this because it occurs on a code path where a successful allocation has already occurred",
            "A flaw was found in the Linux kernel. The Wireless configuration API functionality mishandles resource cleanup in nl80211_get_ftm_responder_stats function. An attacker able to trigger the resource cleanup code path could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because of the preconditions needed to trigger the resource cleanup code path.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19055\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19055"
        ],
        "name": "CVE-2019-19055",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module cfg80211. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72.",
            "A protocol downgrade flaw was found in Network Security Services (NSS). After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored."
        ],
        "statement": "This flaw causes the client to hang when there is a downgrade attempt. Therefore no actual protocol downgrade occurs.",
        "upstream_fix": "nss 3.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17023\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17023\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.49_release_notes"
        ],
        "name": "CVE-2019-17023",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "Memory safety flaws were found in Mozilla Firefox and Thunderbird. Memory corruption that an attacker could leverage with enough effort, could allow arbitrary code to run. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexandru Michis, André Bargull, Bas Schouten, Jason Kratzer, Karl Tomlinson, Ted Campbell, and philipp as the original reporters.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12395\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12395\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395"
        ],
        "name": "CVE-2020-12395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-21T21:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ken Johnson (Microsoft Security Response Center) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3639\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3639\nhttps://access.redhat.com/security/vulnerabilities/ssbd\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1528\nhttps://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf\nhttps://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
        ],
        "csaw": true,
        "name": "CVE-2018-3639"
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations."
        ],
        "statement": "This vulnerability is present in versions of perl included with Red Hat Virtualization Hypervisor and Management Appliance, however it is not exposed in any meaningful way. Perl is only included in these images as a dependency of components which do not manipulate ENV, and are not exposed to user input. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.",
        "upstream_fix": "perl 5.29.1, perl 5.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18311\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18311"
        ],
        "name": "CVE-2018-18311",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2773\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2773"
        ],
        "name": "CVE-2020-2773",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29457. Reason: This candidate is a duplicate of CVE-2021-29457. Notes: All CVE users should reference CVE-2021-29457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
            "A flaw was found in exiv2. A flawed bounds checking in the jp2Image.cpp:doWriteMetadata function leads to a heap-based buffer overflow. This flaw allows an attacker who can provide a malicious image to an application using the exiv2 library, to write data out of bounds and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "exiv2 0.27.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-31291\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-31291"
        ],
        "name": "CVE-2021-31291",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine.",
            "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15097\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15097"
        ],
        "name": "CVE-2017-15097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667->CWE-662",
        "details": [
            "An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.",
            "A denial-of-service (DoS) flaw was identified  in the Linux kernel due to an incorrect memory barrier in xt_replace_table in net/netfilter/x_tables.c in the netfilter subsystem."
        ],
        "upstream_fix": "kernel 5.12 rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29650\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29650\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=175e476b8cdf2a4de7432583b49c871345e4f8a1"
        ],
        "name": "CVE-2021-29650",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.",
            "A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.2g, openssl 1.0.1s",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0800\nhttps://access.redhat.com/articles/2176731\nhttps://www.drownattack.com/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0800"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Holbert and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4777\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4777\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4777\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4777"
        ],
        "name": "CVE-2024-4777",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Kerberos). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2949\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2949"
        ],
        "name": "CVE-2019-2949",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-835",
        "details": [
            "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
            "An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and does not qualify for inclusion as part of the Red Hat Enterprise Linux 5 lifecycle. For more information on the lifecycle see https://access.redhat.com/support/policy/updates/errata",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7542\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7542"
        ],
        "name": "CVE-2017-7542",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5447\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5447\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5447"
        ],
        "name": "CVE-2017-5447",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the \"dead\" type.",
            "The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the \"dead\" key type."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6951\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6951"
        ],
        "name": "CVE-2017-6951",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "When importing resources using Web Workers, error messages would distinguish the difference between <code>application/javascript</code> responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin."
        ],
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22760\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22760"
        ],
        "name": "CVE-2022-22760",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-05T16:45:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.",
            "A memory out-of-bounds read flaw was found in the Linux kernel's ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "upstream_fix": "Linux kernel version 5.9-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14314\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14314\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5872331b3d91820e14716632ebb56b1399b34fe1\nhttps://lore.kernel.org/linux-ext4/f53e246b-647c-64bb-16ec-135383c70ad7@redhat.com/T/#u"
        ],
        "name": "CVE-2020-14314",
        "mitigation": {
            "value": "If any directories of the partition (or image) broken, the command \"e2fsck -Df .../partition-name\" fixes it.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.",
            "A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12403\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12403\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        ],
        "name": "CVE-2020-12403",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A Gather Data Sampling (GDS) transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction (load from memory) to infer stale data from previously used vector registers on the same physical core."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40982\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40982\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html"
        ],
        "name": "CVE-2022-40982",
        "mitigation": {
            "value": "The vulnerability can be mitigated by installing the CPU microcode package microcode_ctl version 20230808.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.",
            "A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10742\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10742"
        ],
        "name": "CVE-2020-10742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8822\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8822\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10198\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10198"
        ],
        "name": "CVE-2017-10198",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-40211\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40211"
        ],
        "name": "CVE-2021-40211",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2739\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2739\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3899\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3899\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3899",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-732|CWE-522)",
        "details": [
            "virt-who uses world-readable permissions for /etc/sysconfig/virt-who, which allows local users to obtain password for hypervisors by reading the file.",
            "It was discovered that the /etc/sysconfig/virt-who configuration file, which may contain hypervisor authentication credentials, was world-readable. A local user could use this flaw to obtain authentication credentials from this file."
        ],
        "acknowledgement": "Red Hat would like to thank Sal Castiglione for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0189\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0189"
        ],
        "name": "CVE-2014-0189",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2989\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2989"
        ],
        "name": "CVE-2019-2989",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.",
            "An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5,6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrey Konovalov for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000112\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000112"
        ],
        "name": "CVE-2017-1000112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.",
            "A memory leak flaw was found in the way an OpenSSL handled failed session ticket integrity checks. A remote attacker could exhaust all available memory of an SSL/TLS or DTLS server by sending a large number of invalid session tickets to that server."
        ],
        "statement": "This issue does not affect the version of openssl shipped with Red Hat Enterprise Linux 5; Red Hat JBoss Enterprise Application Server 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 because openssl-0.9.8e does not include support for session tickets.",
        "upstream_fix": "openssl 1.0.1j, openssl 0.9.8zc, openssl 1.0.0o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3567\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3567\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3567",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
            "An assertion error has been reported in graphite2. An attacker could possibly exploit this flaw to cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7775\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7775\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-297",
        "details": [
            "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.",
            "It was found that Squid configured with client-first SSL-bump did not correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a Squid server using a specially crafted X.509 certificate."
        ],
        "statement": "This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5 and 6.",
        "upstream_fix": "squid 3.2.14, squid 3.5.4, squid 3.3.14, squid 3.4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3455\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3455\nhttp://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
        ],
        "name": "CVE-2015-3455",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup and requesting fullscreen access, the popup would have become unable to leave fullscreen mode."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22741\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22741"
        ],
        "name": "CVE-2022-22741",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-09T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26373\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26373\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/post-barrier-return-stack-buffer-predictions.html"
        ],
        "name": "CVE-2022-26373",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.",
            "It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5425\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5425\nhttp://legalhackers.com/advisories/Tomcat-RedHat-based-Root-Privilege-Escalation-Exploit.txt"
        ],
        "name": "CVE-2016-5425",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8707\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8707",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7818\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7818\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818"
        ],
        "name": "CVE-2017-7818",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            "A flaw was found in the TLS/SSL implementation in the JSSE component of OpenJDK, where it did not properly handle application data packets received before the handshake completion. This flaw allowed unauthorized injection of data at the beginning of a TLS session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2816"
        ],
        "name": "CVE-2020-2816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA Linux user opening the print preview dialog could have caused the browser to crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cornel Ionce as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0746\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0746"
        ],
        "name": "CVE-2024-0746",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7970\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7970"
        ],
        "name": "CVE-2014-7970",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2708\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2708\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-46.html"
        ],
        "name": "CVE-2015-2708",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nManipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcin 'Icewall' Noga (Cisco Talos) as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12418\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418"
        ],
        "name": "CVE-2020-12418",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.",
        "acknowledgement": "Red Hat would like to thank Etienne Stalmans for reporting this issue.",
        "upstream_fix": "postgresql 13.1, postgresql 12.5, postgresql 11.10, postgresql 10.15, postgresql 9.6.20, postgresql 9.5.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25695\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25695\nhttps://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"
        ],
        "name": "CVE-2020-25695",
        "mitigation": {
            "value": "While promptly updating PostgreSQL is the best remediation for most users, a user unable to do that can work around the vulnerability by disabling autovacuum and not manually running ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL, REFRESH MATERIALIZED VIEW, or a restore from output of the pg_dump command. Performance may degrade quickly under this workaround.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0."
        ],
        "statement": "Although this flaw affects versions of freerdp shipped with Red Hat Enterprise Linux 7 and 8, Red Hat Product Security views this flaw as having low impact because it only affects the freerdp client, the user must connect to an untrusted or compromised server, and it would not lead to a persistent denial of service if exploited.",
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11038\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11038"
        ],
        "name": "CVE-2020-11038",
        "mitigation": {
            "value": "This flaw can be mitigated by deactivating video redirection on the client side and not using /video.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Keytool). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35564\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35564"
        ],
        "name": "CVE-2021-35564",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jason Kratzer as the original reporter.",
        "upstream_fix": "thunderbird 78.3, firefox 78.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15673\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15673\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673"
        ],
        "name": "CVE-2020-15673",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-240",
        "details": [
            "Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.<br>*This bug only affects Firefox on ARM64 platforms.*. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of inconsistent data in the instruction and data cache when creating wasm code, which could lead to a potentially exploitable crash."
        ],
        "statement": "This bug only affects Firefox on ARM64 platforms.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40957\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40957\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40957"
        ],
        "name": "CVE-2022-40957",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253",
        "details": [
            "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",
            "A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix\nthis issue have been shipped now.",
        "acknowledgement": "This issue was discovered by David Howells (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4470\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4470"
        ],
        "name": "CVE-2016-4470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.0r, openssl 1.0.2a, openssl 1.0.1m, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0703\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0703\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0703",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-41",
        "details": [
            "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.",
            "An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue.",
        "upstream_fix": "samba 4.1.22, samba 4.2.7, samba 4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5252\nhttps://www.samba.org/samba/security/CVE-2015-5252.html"
        ],
        "name": "CVE-2015-5252",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.",
            "A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8504\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8504"
        ],
        "name": "CVE-2014-8504",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank Dianna Smith, Ryan VanderMeulen, Timothy Nikkel, and the Mozilla project for reporting this issue. Upstream acknowledges the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "thunderbird 102.14, thunderbird 115.1, firefox 102.14, firefox 115.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4056\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4056\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056"
        ],
        "name": "CVE-2023-4056",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "libical 1.0.0, Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11704\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11704\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/\nhttps://www.x41-dsec.de/lab/advisories/x41-2019-001-thunderbird/"
        ],
        "name": "CVE-2019-11704",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Bob Clary, Christian Holler, David Keeler, Gary Kwong, Jan de Mooij, Jason Kratzer, Jet Villegas, Jon Coppeard, Julien Cristau, Nicholas Nethercote, Oriol Brufau, Philipp, Randell Jesup, Ryan VanderMeulen, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7826\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7826\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826"
        ],
        "name": "CVE-2017-7826",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-222",
        "details": [
            "A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Note that this CVE was actually fixed in Thunderbird 102.6.1 despite being initially included in the advisories for Thunderbird 102.6. A future update for Thunderbird 102.7 will address this CVE in Red Hat Enterprise Linux.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matthias Zoellner as the original reporter.",
        "upstream_fix": "thunderbird 102.6.1, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46874\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46874\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46874\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-54/#CVE-2022-46874"
        ],
        "name": "CVE-2022-46874",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 in lz4::decompress function.",
            "A heap-based buffer overflow flaw related to \"lz4::decompress\" has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7772\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7772\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7772",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18492\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18492\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18492"
        ],
        "name": "CVE-2018-18492",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-201",
        "details": [
            "Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.",
            "It was found that when replication was enabled for each attribute in Red Hat Directory Server / 389 Directory Server, which is the default configuration, the server returned replicated metadata when the directory was searched while debugging was enabled. A remote attacker could use this flaw to disclose potentially sensitive information."
        ],
        "acknowledgement": "This issue was discovered by Ludwig Krispenz (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3562\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3562"
        ],
        "name": "CVE-2014-3562",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.",
            "Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3627\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3627"
        ],
        "name": "CVE-2016-3627",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.",
            "A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.",
        "upstream_fix": "bind 9.9.11-S2, bind 9.9.11-P1, bind 9.12.0rc2, bind 9.10.6-S2, bind 9.10.6-P1, bind 9.11.2-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3145\nhttps://kb.isc.org/article/AA-01542"
        ],
        "name": "CVE-2017-3145",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6863\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6863\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6863"
        ],
        "name": "CVE-2023-6863",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.",
            "An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library."
        ],
        "statement": "The security flaw exists in NSS library Base64 encoder/decoder code. Any application which uses NSS library to parse base64 encoded data could possibly be affected by the flaw. For example:\n1. Servers compiled against NSS which parse untrusted certificates or any other base64 encoded data from its users.\n2. Utilities like curl etc which use NSS to parse user provided base64 encoded certificates.\n3. Applications like Firefox which use NSS to parse client-certificates before passing them to the web server.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5461\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5461\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"
        ],
        "name": "CVE-2017-5461",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-125",
        "details": [
            "The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9658\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9658"
        ],
        "name": "CVE-2014-9658",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.",
            "A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3135\nhttps://kb.isc.org/article/AA-01453"
        ],
        "name": "CVE-2017-3135",
        "mitigation": {
            "value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.",
            "A double-free of a password policy structure was found in the way slapd was handling certain errors during persistent search. A unauthenticated attacker could use this flaw to crash Directory Server."
        ],
        "acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).",
        "upstream_fix": "389-ds-base 1.4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14638\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14638"
        ],
        "name": "CVE-2018-14638",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5460\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5460\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5460"
        ],
        "name": "CVE-2017-5460",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.",
            "It was found that glusterfs-server RPM package would write file with predictable name into world readable /tmp directory. A local attacker could potentially use this flaw to escalate their privileges to root by modifying the shell script during the installation of the glusterfs-server package."
        ],
        "statement": "This issue did not affect the versions of glusterfs as shipped\nwith Red Hat Enterprise Linux 6, and 7.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1795\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1795"
        ],
        "name": "CVE-2015-1795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).",
            "A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter."
        ],
        "statement": "The vulnerability in Pillow's PIL.ImageMath.eval function poses a significant threat due to its potential for arbitrary code execution. Pillow's widespread use in diverse domains makes this flaw particularly impactful, as it could lead to unauthorized access, data breaches, and compromise of entire systems. The complex exploitation method involving Python's dunder methods adds sophistication to potential attacks.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-50447\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50447\nhttp://www.openwall.com/lists/oss-security/2024/01/20/1\nhttps://devhub.checkmarx.com/cve-details/CVE-2023-50447/\nhttps://duartecsantos.github.io/2023-01-02-CVE-2023-50447/\nhttps://github.com/python-pillow/Pillow/releases"
        ],
        "name": "CVE-2023-50447",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:H/Au:M/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name.",
            "A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include \"networks: dns\" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "glibc 2.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3075\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3075"
        ],
        "name": "CVE-2016-3075",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Jay Shin (Red Hat).",
        "upstream_fix": "Linux kernel 4.5-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20265\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20265"
        ],
        "name": "CVE-2021-20265",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.",
            "It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session."
        ],
        "upstream_fix": "tomcat 6.0.45, tomcat 7.0.68, tomcat 8.0.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0714\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0714\nhttp://seclists.org/bugtraq/2016/Feb/145"
        ],
        "name": "CVE-2016-0714",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nNavigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luan Herrera as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23601\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23601\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601"
        ],
        "name": "CVE-2023-23601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.",
            "An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid operating as interception or reverse-proxy to contact the wrong origin server. It could also be used for cache poisoning for client not following RFC 7230."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4554\nhttp://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
        ],
        "name": "CVE-2016-4554",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8804\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8804\nhttps://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html"
        ],
        "name": "CVE-2015-8804",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-41",
        "details": [
            "A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them."
        ],
        "statement": "Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0220\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0220\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0220",
        "mitigation": {
            "value": "This flaw can be mitigation by replacing multiple consecutive slashes, used in directives that match against the path component of the request URL with regular expressions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yuyang Zhou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5291\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5291\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5291",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.",
            "A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7843\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7843\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843"
        ],
        "name": "CVE-2017-7843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.",
            "A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code."
        ],
        "upstream_fix": "glibc 2.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11237\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11237"
        ],
        "name": "CVE-2018-11237",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3508\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3508",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272.  NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.",
            "It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2 as this flaw was fixed in the recent releases.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise\nLinux 6. Future updates for the respective releases may address the issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8215\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8215"
        ],
        "name": "CVE-2015-8215",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.",
            "Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.3.7, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2110\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2110\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2110",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.",
            "It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6, 7 and 8. More details available at: https://bugzilla.redhat.com/show_bug.cgi?id=1364935#c13",
        "upstream_fix": "openssh 7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6515\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6515"
        ],
        "name": "CVE-2016-6515",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 78.4, firefox 78.4, chromium-browser 86.0.4240.75",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15969\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15969\nhttps://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2020-15969",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2992\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2992"
        ],
        "name": "CVE-2019-2992",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server.",
            "A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cache' caching mechanism. A malicious user/process could use 'in memory' page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5489\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5489"
        ],
        "name": "CVE-2019-5489",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.",
            "It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel's sg implementation did not properly restrict write operations in situations where the KERNEL_DS option is set. A local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10088\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10088"
        ],
        "name": "CVE-2016-10088",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14579\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14579"
        ],
        "name": "CVE-2020-14579",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings."
        ],
        "statement": "This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affected the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 prior to version kernel-2.6.32-358.6.1.el6, released via RHSA-2013:0744 (https://rhn.redhat.com/errata/RHSA-2013-0744.html). That update added a backport of the upstream commit c56a00a165, which avoided this issue.\nThis flaw requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0196\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0196"
        ],
        "name": "CVE-2014-0196",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
            "An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application."
        ],
        "statement": "This bug was introduced in zlib v1.2.2.2 through zlib v1.2.11, with the addition of the Z_FIXED option, which forces the use of fixed Huffman codes, rather than dynamic Huffman codes, allowing for a simpler decoder for special applications.\nThis bug is difficult to trigger, as Z_FIXED is usually only used in special circumstances.\nRsync does the compression in-transit using zlib. As rsync uses vulnerable zlib v1.2.8 package, which incorrectly handles memory when performing certain zlib compressing or deflating operations. This results in rsync to crash.\nNote - The issue wasn't publicly labelled as security vulnerability until 2022, but the fix was public since 2018.",
        "upstream_fix": "zlib 1.2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-25032\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25032"
        ],
        "name": "CVE-2018-25032",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "thunderbird 78, firefox 78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12422\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12422\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422"
        ],
        "name": "CVE-2020-12422",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3587\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3587\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3587",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122->CWE-125->CWE-787",
        "details": [
            "Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.",
            "A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "acknowledgement": "This issue was discovered by Petr Sklenar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3258\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3258"
        ],
        "name": "CVE-2015-3258",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13397\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13397"
        ],
        "name": "CVE-2020-13397",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39399\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39399"
        ],
        "name": "CVE-2022-39399",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.",
            "A race condition between pppol2tp_session_create() and l2tp_eth_create() in net/l2tp/l2tp_netlink.c was found in the Linux kernel. Calling l2tp_tunnel_find() may result in a new tunnel being created with tunnel id of a previously removed tunnel which wouldn't be protected by the reference counter."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9517\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9517"
        ],
        "name": "CVE-2018-9517",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.",
            "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console. An out-of-bounds read can occur, leaking information to the console."
        ],
        "statement": "This flaw is rated as having Moderate impact; it is an infoleak that is written to the screen.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8649\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8649"
        ],
        "name": "CVE-2020-8649",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.",
            "A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlink_log module must be loaded before the flaw can occur."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2 and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7553\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7553"
        ],
        "name": "CVE-2015-7553",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.",
            "A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to userspace memory was disabled, allowing the destination address to be in kernel space. This flaw could be exploited by an attacker to overwrite kernel memory from an unprivileged userspace process, leading to privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13166\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13166"
        ],
        "name": "CVE-2017-13166",
        "mitigation": {
            "value": "A systemtap script intercepting the v4l2_compat_ioctl32() function of the [videodev] module and making it return the -ENOIOCTLCMD error value would work just fine, except that it breaks all 32-bit video capturing software, but not 64-bit software.\nAlternatively, blacklisting the [videodev] module will work too, but it will break all video capturing software.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.",
            "A use-after-free flaw was found in the Linux kernel’s L2CAP bluetooth functionality in how a user triggers a race condition by two malicious flows in the L2CAP bluetooth packets. This flaw allows a local or bluetooth connection user to crash the system or potentially escalate privileges."
        ],
        "statement": "This issue is rated between Moderate and Important (similar to CVE-2022-45934) because there is no known attack and the attack would be complex. Nevertheless, consider CVE-2022-3564 as Important because the use-after-free can potentially lead to privilege escalation or a potential remote system crash (and currently, it is a read-after-free that in most cases would not lead to a remote system crash).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3564\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1"
        ],
        "name": "CVE-2022-3564",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue as: When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Satoki Tsuji as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40956\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40956\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956"
        ],
        "name": "CVE-2022-40956",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-400",
        "details": [
            "d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3506\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3506\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3506",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25746\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25746"
        ],
        "name": "CVE-2023-25746",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3511\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3511",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code.",
            "It was found that the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted JavaScript code."
        ],
        "statement": "This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10179\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10179"
        ],
        "name": "CVE-2019-10179",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Phil Ringalda, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2807\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2807\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21011\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21011\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21011",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21968\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21968"
        ],
        "name": "CVE-2023-21968",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21294\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21294"
        ],
        "name": "CVE-2022-21294",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2842"
        ],
        "name": "CVE-2016-2842",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.",
            "It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6794\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods.",
            "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, however the impact is limited to denial of service since it does not support fine grained access control.",
        "acknowledgement": "Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0179\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0179\nhttp://security.libvirt.org/2014/0003.html"
        ],
        "name": "CVE-2014-0179",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-672->CWE-665",
        "details": [
            "The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.",
            "It was discovered that the snmp_pdu_parse() function could leave incompletely parsed varBind variables in the list of variables. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd."
        ],
        "acknowledgement": "Red Hat would like to thank Qinghao Tang (QIHU 360) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5621"
        ],
        "name": "CVE-2015-5621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.",
            "A flaw was found in the Linux kernel. A use-after-free memory flaw in the Fast Userspace Mutexes functionality allowing a local user to crash the system or escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3347\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3347"
        ],
        "name": "CVE-2021-3347",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack."
        ],
        "acknowledgement": "Red Hat would like to thank chenyuan (NESA Lab) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10733\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10733"
        ],
        "name": "CVE-2018-10733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.",
            "A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3185\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3185"
        ],
        "name": "CVE-2014-3185",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26968\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26968\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968"
        ],
        "name": "CVE-2020-26968",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky and Olli Pettay as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0801\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0801\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-40.html"
        ],
        "name": "CVE-2015-0801",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.",
            "It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8502\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8502"
        ],
        "name": "CVE-2014-8502",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.",
            "A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly."
        ],
        "acknowledgement": "Upstream acknowledges Anat Bremler-Barr (Tel-Aviv University), Shoham Danino (Reichman University), Yehuda Afek (Tel-Aviv University), and Yuval Shavitt (Tel-Aviv University) as the original reporters.",
        "upstream_fix": "bind 9.16.42, bind 9.18.16, bind 9.19.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-2828\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2828\nhttps://kb.isc.org/docs/cve-2023-2828"
        ],
        "name": "CVE-2023-2828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon.",
            "An open redirect flaw was discovered in mod_auth_openidc, where it handles logout redirection. The module does not correctly validate the URL, allowing a URL with leading slashes to bypass the protection checks. A victim user may be tricked into visiting a trusted vulnerable web site, which would redirect them to another possibly malicious URL."
        ],
        "statement": "It is not possible to reproduce the open redirect vulnerability in the versions of mod_auth_openidc as shipped in Red Hat Enterprise Linux 7, as a missing check makes the process crash, due to a NULL pointer dereference, instead of letting it continue with an invalid URL.",
        "upstream_fix": "mod_auth_openidc 2.4.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14857\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14857"
        ],
        "name": "CVE-2019-14857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version",
            "A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well."
        ],
        "statement": "This issue is rated as having Moderate impact because of the attack scenario limitation. It is possible to harm the networking services only, but not for the overall system under attack, and impossible to get access to this remote system under attack.",
        "upstream_fix": "kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25705\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25705"
        ],
        "name": "CVE-2020-25705",
        "mitigation": {
            "value": "The mitigation is to disable ICMP destination unreachable messages.\nThe commands to disable UDP port unreachable ICMP reply messages:\niptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP\nservice iptables save\nFor additional information about \"service iptables save\" please read https://access.redhat.com/solutions/1597703\nIt is not recommended to apply this rule if host being used as forwarder (router) of IP packets.\nOr it is possible to use this firewall-cmd instead of iptables and the result is similar:\nfirewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p icmp --icmp-type destination-unreachable -j DROP",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-21T03:28:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.",
            "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation."
        ],
        "statement": "This flaw affects all current shipping releases of Red Hat Enterprise Linux. This flaw requires real or emulated midi hardware available in the system. Fixes will be delivered when available.",
        "acknowledgement": "Red Hat would like to thank Trend Micro Zero Day Initiative for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10902\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10902"
        ],
        "name": "CVE-2018-10902",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.",
            "A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG 2.\nPlease note that on Red Hat Enterprise Linux 6 pppol2tp module is not\nautomatically loaded when AF_PPPOX/PX_PROTO_OL2TP socket is created as\nRed Hat Enterprise Linux 6 lacks upstream commit 9395a09d05a23bb and default\nmodprobe configuration as shipped with module-init-tools package does not\ncontain the alias for pppol2tp protocol either. As a result, pppol2tp module\nhas to be explicitly enabled and/or loaded by the system administrator.",
        "acknowledgement": "Red Hat would like to thank Sasha Levin for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4943\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4943"
        ],
        "name": "CVE-2014-4943",
        "mitigation": {
            "value": "For Red Hat Enterprise Linux 6 do --\n]# echo \"install pppol2tp /bin/true\" > /etc/modprobe.d/pppol2tp.conf\nFor Red Hat Enterprise Linux 7 do --\n]# echo \"install l2tp_ppp /bin/true\" > /etc/modprobe.d/l2t_pppp.conf\nOr, alternatively, when pppol2tp/l2tp_ppp module can't be blacklisted and needs\nto be loaded, you can use the following systemtap script --\n1) On the host, save the following in a file with the \".stp\" extension --\nprobe module(\"*l2tp*\").function(\"pppol2tp_*etsockopt\").call {\n$level = 273;\n}\n2) Install the \"systemtap\" package and any required dependencies. Refer to\nthe \"2. Using SystemTap\" chapter in the Red Hat Enterprise Linux 6\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com, for\ninformation on installing the required -debuginfo packages.\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting kernel\nmodule to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on the\naffected systems. Please notice that the kernel version must be the same across\nall systems.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.9.10-P2, bind 9.10.5-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3143\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3143\nhttps://kb.isc.org/article/AA-01503"
        ],
        "name": "CVE-2017-3143",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3169"
        ],
        "name": "CVE-2018-3169",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a \"SECTION\" type that has a \"0\" value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10535\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10535"
        ],
        "name": "CVE-2018-10535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284->CWE-201",
        "details": [
            "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
            "An information leak flaw was found in the way Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Nguyen (Google) and Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12352\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12352\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html"
        ],
        "csaw": true,
        "name": "CVE-2020-12352",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts).",
            "It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3252"
        ],
        "name": "CVE-2017-3252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7795"
        ],
        "name": "CVE-2016-7795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka \"ImageTragick.\"",
            "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3714\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3714"
        ],
        "csaw": true,
        "name": "CVE-2016-3714",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT, SHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way TigerVNC handled screen sizes. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code on the client."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8240\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8240"
        ],
        "name": "CVE-2014-8240",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification."
        ],
        "upstream_fix": "thunderbird 91.7, firefox 91.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26383\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26383"
        ],
        "name": "CVE-2022-26383",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-09-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file."
        ],
        "upstream_fix": "libxml2 2.9.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18258\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18258"
        ],
        "name": "CVE-2017-18258",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.",
            "A flaw was found in the Linux kernel's RealTek wireless driver implementation of WiFi-Direct (or WiFi peer-to-peer). When the RealTek wireless networking hardware is configured to accept WiFi-Direct or WiFi P2P connections, an attacker within the wireless network connectivity radio range can exploit a flaw in the WiFi-Direct protocol known as \"Notice of Absence\" by creating specially crafted frames, which can then corrupt kernel memory because the upper bound on the length of the frame is unchecked and supplied by the incoming packet."
        ],
        "upstream_fix": "kernel 5.3.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17666\nhttps://arstechnica.com/information-technology/2019/10/unpatched-linux-flaw-may-let-attackers-crash-or-compromise-nearby-devices/\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1"
        ],
        "name": "CVE-2019-17666",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash)."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5180\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5180"
        ],
        "name": "CVE-2015-5180",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-282",
        "details": [
            "Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.",
            "A flaw was found in Open-iSCSI rtslib-fb through version 2.1.72, which has weak permissions for /etc/target/saveconfig.json because shutil.copyfile, instead of shutil.copy, is used and permissions are not preserved upon editing. This flaw allows an attacker with prior access to /etc/target/saveconfig.json to access a later version, resulting in a loss of integrity, depending on their permission settings. The highest threat from this vulnerability is to confidentiality."
        ],
        "statement": "Red Hat Ceph Storage 2 and 3 are not affected because within the affected method, shutil.copyfile is not used. However, the affected method, save_to_file, is outdated and contains a race condition. Hence, this issue has been rated as having a security impact of low.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14019\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14019"
        ],
        "name": "CVE-2020-14019",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Apple Product Security for reporting this issue. Upstream acknowledges Stephan Zeisberg (Security Research Labs) as the original reporter.",
        "upstream_fix": "cups 2.2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8675\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8675"
        ],
        "name": "CVE-2019-8675",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0448\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0448\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-16T12:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication."
        ],
        "upstream_fix": "Kernel 6.4-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-2002\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2002\nhttps://www.openwall.com/lists/oss-security/2023/04/16/3"
        ],
        "name": "CVE-2023-2002",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.",
            "A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service."
        ],
        "statement": "This flaw did not affect the versions of Poppler as shipped with Red Hat Enterprise Linux 5 and 6, as they did not include the vulnerable code.",
        "upstream_fix": "poppler 0.79.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14494\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14494"
        ],
        "name": "CVE-2019-14494",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-364",
        "details": [
            "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12392\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12392\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392"
        ],
        "name": "CVE-2018-12392",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43545\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43545"
        ],
        "name": "CVE-2021-43545",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38497\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38497"
        ],
        "name": "CVE-2021-38497",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen."
        ],
        "upstream_fix": "openssl 1.1.0g, openssl 1.0.2m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3736\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3736\nhttps://www.openssl.org/news/secadv/20171102.txt"
        ],
        "name": "CVE-2017-3736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early. This is related to sound/core/init.c and sound/core/info.c.",
            "A vulnerability was found in the Linux kernel’s core sound driver code. A use-after-free in a race condition between disconnection events could allow a local attacker who can trigger disconnection events (remove or add hardware) to crash the system, corrupt memory, or escalate privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15214\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15214"
        ],
        "name": "CVE-2019-15214",
        "mitigation": {
            "value": "As the snd module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install snd /bin/true\" >> /etc/modprobe.d/disable-snd.conf\nThe system will need to be restarted if the snd modules are loaded. In most circumstances, the snd kernel modules cannot be unloaded while they are in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the \"negative zero\" issue.",
            "A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google), Hanno Böck, and Huzaifa Sidhpurwala (Red Hat) as the original reporters.",
        "upstream_fix": "openssl 1.0.2c, openssl 1.0.1o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2108\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2108\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.",
            "Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 on ppc64 and ppc64le platforms. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7 on ppc64 and ppc64le platforms. Future Linux kernel updates for the respective releases might address this issue.\nOnly ppc64 and ppc64le hardware platforms are vulnerable. The Linux kernel packages for other platforms which Red Hat ships (i386, x86_64, s390x) are not vulnerable to this security flaw.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2 as this product is shipped for x86_64 hardware platform only.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7616\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7616"
        ],
        "name": "CVE-2017-7616",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "When a page's content security policy (CSP) header contains a \"sandbox\" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rhys Enniks as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7803\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7803\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7803"
        ],
        "name": "CVE-2017-7803",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.",
            "A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2384\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2384\nhttp://seclists.org/oss-sec/2016/q1/331\nhttps://lkml.org/lkml/2016/2/13/11"
        ],
        "name": "CVE-2016-2384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1594\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1594\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-89.html"
        ],
        "name": "CVE-2014-1594",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4051\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4051\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4051"
        ],
        "name": "CVE-2023-4051",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.",
            "A NULL pointer dereference flaw was found in TigerVNC's XRegion. A malicious VNC server could use this flaw to cause a client to crash."
        ],
        "statement": "This issue affects the version of tigervnc as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8241"
        ],
        "name": "CVE-2014-8241",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.",
            "A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11524\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11524"
        ],
        "name": "CVE-2020-11524",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-11T22:53:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
        ],
        "statement": "To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM. It is strongly recommended to only use RPMs from trusted repositories.",
        "acknowledgement": "Red Hat would like to thank Demi M. Obenour for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20271\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20271"
        ],
        "name": "CVE-2021-20271",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2790\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2790\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Keyboard events reference strings like \"KeyA\" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like \"KeyA\" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed."
        ],
        "acknowledgement": "Red Hat would like to thank Erik Kraft, Martin Schwarzl, and the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight as the original reporter.",
        "upstream_fix": "thunderbird 102.5, firefox 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45416\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45416"
        ],
        "name": "CVE-2022-45416",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4840\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4840\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4840",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions.  NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3145\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3145"
        ],
        "name": "CVE-2014-3145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service.",
            "A buffer overflow was found in strncpy of the pl_getxattr() function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14652\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14652"
        ],
        "name": "CVE-2018-14652",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.",
            "A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The squid packages are compiled with protections like stack canaries, which should reduce the chance of a successful exploitation dramatically and the most likely outcome is a crash without code execution.",
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12519\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12519\nhttp://www.squid-cache.org/Advisories/SQUID-2019_12.txt\nhttps://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
        ],
        "name": "CVE-2019-12519",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843->CWE-787",
        "details": [
            "A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9795\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9795\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9795"
        ],
        "name": "CVE-2019-9795",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10346\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10346"
        ],
        "name": "CVE-2017-10346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Navigation events were not fully adhering to the W3C's \"Navigation-Timing Level 2\" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-origin information exposure of history through timing side-channel attacks. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yoav Weiss as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11743\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11743"
        ],
        "name": "CVE-2019-11743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)",
            "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library."
        ],
        "statement": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\nCustomers using this application, which does server-side image processing by linking to the libwebp library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4863\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4863\nhttps://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"
        ],
        "csaw": true,
        "name": "CVE-2023-4863",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yan as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2733\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2733\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
        ],
        "name": "CVE-2015-2733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: If a custom mouse cursor is specified in CSS, under certain circumstances the cursor could have been drawn over the browser UI, resulting in potential user confusion or spoofing attacks."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 102.5, firefox 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45418\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418"
        ],
        "name": "CVE-2022-45418",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.",
            "Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-45463\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45463"
        ],
        "name": "CVE-2021-45463",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19059\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19059"
        ],
        "name": "CVE-2018-19059",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5258\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5258\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-72.html"
        ],
        "name": "CVE-2016-5258",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.",
            "A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7502\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7502"
        ],
        "name": "CVE-2017-7502",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts).",
            "It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept signature in an incorrect format not accepted by other cryptographic tools."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5546\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5546"
        ],
        "name": "CVE-2016-5546",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).",
            "It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3241\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3241"
        ],
        "name": "CVE-2017-3241",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI.",
            "An incomplete fix for CVE-2017-5226 was found in flatpak. A sandbox bypass flaw was found in the way bubblewrap, which is used for sandboxing flatpak applications handled the TIOCSTI ioctl. A malicious flatpak application could use this flaw to inject commands into the controlled terminal of the host after the flatpak applications exits. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw can be exploited by malicious flatpak applications which include the code to exploit the wrong handling of the TIOCSTI ioctl (AV:L). No special action is needed to be performed by the attacker just having the exploit code should be enough for bypassing the sandbox restrictions (AC:L), Also the applications needs to be downloaded and run by the victim (PR:L). The flaw results in code being executed on the host system which is running the sandboxed application therefore this affects the host beyond the sandboxed application (S:C). Lastly considering the worst scenario in which the flatpak is run as root on the host system, this flaw can result in the malicious application running code as root on the host system (CIA:H).",
        "upstream_fix": "flatpak 1.3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10063\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10063"
        ],
        "name": "CVE-2019-10063",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.",
            "A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0460\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0460\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0460",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-266",
        "details": [
            "arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.",
            "It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Martin Schwidefsky (IBM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3534\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3534"
        ],
        "name": "CVE-2014-3534",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue was fixed in the Graphite 2 library as well as Mozilla products. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5436\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5436\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5436"
        ],
        "name": "CVE-2017-5436",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9904\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9904\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9904"
        ],
        "name": "CVE-2016-9904",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.",
            "An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4337\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4337"
        ],
        "name": "CVE-2014-4337",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-924",
        "details": [
            "During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Damian Poddebniak as the original reporter.",
        "upstream_fix": "thunderbird 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15685\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15685\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685"
        ],
        "name": "CVE-2020-15685",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting \"Load printer settings with the document\" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.",
            "An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.1, libreoffice 5.0.0, libreoffice 4.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5212\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/\nhttp://www.openoffice.org/security/cves/CVE-2015-5212.html"
        ],
        "name": "CVE-2015-5212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.",
            "A use-after-free flaw was found in the Linux kernel’s ext4 file system functionality when the user mounts an ext4 partition using an additional debug parameter that defines an extra inode size. If this parameter has a non-zero value, this flaw allows a local user to crash the system when inode expansion happens."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19767\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19767"
        ],
        "name": "CVE-2019-19767",
        "mitigation": {
            "value": "The mitigation is not to use the debug_want_extra_isize parameter when mounting an ext4 file system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16422\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16422\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16422",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request.  NOTE: this vulnerability exists because of an unspecified regression."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0186"
        ],
        "name": "CVE-2014-0186",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An invalid grid size during QCMS (color profile) transformations can result in an out-of-bounds read that is interpreted as a float value. This could leak private data into the output. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges OSS-Fuzz as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12366\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12366\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12366"
        ],
        "name": "CVE-2018-12366",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35588\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35588"
        ],
        "name": "CVE-2021-35588",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3897\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3897\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3897",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.",
            "A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank AMD for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23825\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23825\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-23825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.",
            "A flaw was found in the Linux kernel's implementation of Logical Link Control and Adaptation Protocol (L2CAP), part of the Bluetooth stack. An attacker, within the range of standard Bluetooth transmissions, can create and send a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3459\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3459"
        ],
        "name": "CVE-2019-3459",
        "mitigation": {
            "value": "- Disable the Bluetooth hardware in the BIOS.\n- Prevent loading of the Bluetooth kernel modules.\n- Disable the Bluetooth connection by putting the system in \"airport\" mode.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.",
            "A reflected cross-site scripting (XSS) vulnerability was found in Python XML-RPC server. The `server_title` field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the affected user."
        ],
        "statement": "This flaw does not affect the versions of python27-python as shipped with Red Hat Software Collections 3 as they already include the fix.\nThis flaw does not affect the versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 as they are \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 2.7.17, python 3.5.8, python 3.6.10, python 3.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16935\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16935"
        ],
        "name": "CVE-2019-16935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2821"
        ],
        "name": "CVE-2019-2821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.",
            "It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory."
        ],
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3508\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3508\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3508",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-14T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-267",
        "details": [
            "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.",
            "A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction."
        ],
        "statement": "This flaw only affects specific, non-default configurations of sudo, in which a sudoers configuration entry allows a user to run a command as any user except root, for example:\nsomeuser myhost = (ALL, !root) /usr/bin/somecommand\nThis configuration allows user \"someuser\" to run somecommand as any other user except root. However, this flaw also allows someuser to run somecommand as root by specifying the target user using the numeric id of -1. Only the specified command can be run; this flaw does NOT allow the user to run commands other than those specified in the sudoers configuration.\nAny other configurations of sudo (including configurations that allow a user to run commands as any user including root and configurations that allow a user to run a command as a specific other user) are NOT affected by this flaw.\nRed Hat Virtualization Hypervisor includes an affected version of sudo; however, the default configuration is not vulnerable to this flaw.",
        "acknowledgement": "Red Hat would like to thank the Sudo project for reporting this issue. Upstream acknowledges Joe Vennix (Apple Information Security) as the original reporter.",
        "upstream_fix": "sudo 1.8.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14287\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14287\nhttps://www.sudo.ws/alerts/minus_1_uid.html"
        ],
        "csaw": true,
        "name": "CVE-2019-14287",
        "mitigation": {
            "value": "This vulnerability only affects configurations of sudo that have a runas user list that includes an exclusion of root. The simplest example is:\n~~~\nsomeuser ALL=(ALL, !root) /usr/bin/somecommand\n~~~\nThe exclusion is specified using an exclamation mark (!). In this example, the \"root\" user is specified by name. The root user may also be identified in other ways, such as by user id:\n~~~\nsomeuser ALL=(ALL, !#0) /usr/bin/somecommand\n~~~\nor by reference to a runas alias:\n~~~\nRunas_Alias MYGROUP = root, adminuser\nsomeuser ALL=(ALL, !MYGROUP) /usr/bin/somecommand\n~~~\nTo ensure your sudoers configuration is not affected by this vulnerability, we recommend examining each sudoers entry that includes the `!` character in the runas specification, to ensure that the root user is not among the exclusions. These can be found in the /etc/sudoers file or files under /etc/sudoers.d.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.4-P8, bind 9.9.9-P8, bind 9.11.0-P5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3137\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3137\nhttps://kb.isc.org/article/AA-01466"
        ],
        "name": "CVE-2017-3137",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2341\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2341"
        ],
        "name": "CVE-2021-2341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8644\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8644\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8644",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack.\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\nor ProxyPassMatch in which a non-specific pattern matches\nsome portion of the user-supplied request-target (URL) data and is then\nre-inserted into the proxied request-target using variable\nsubstitution. For example, something like:\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\" [P]\nProxyPassReverse /here/ http://example.com:8080/\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
            "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution."
        ],
        "upstream_fix": "httpd 2.4.56",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25690\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25690\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2023-25690",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.",
            "A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.9-P3, bind 9.10.4-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2776\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2776\nhttps://kb.isc.org/article/AA-01419/0"
        ],
        "csaw": true,
        "name": "CVE-2016-2776"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.",
            "A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Jason Wang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5156\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5156"
        ],
        "name": "CVE-2015-5156",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
            "A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability."
        ],
        "upstream_fix": "postgresql-jdbc 42.2.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13692\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13692"
        ],
        "name": "CVE-2020-13692",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-299",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.",
            "A flaw was found in the way the Libraries component of OpenJDK verified Online Certificate Status Protocol (OCSP) responses. An OCSP response with no nextUpdate date specified was incorrectly handled as having unlimited validity, possibly causing a revoked X.509 certificate to be interpreted as valid."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4748\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4748\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4748",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sonakkbi as the original reporter.",
        "upstream_fix": "thunderbird 102.15, thunderbird 115.2, firefox 102.15, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4573\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4573\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573"
        ],
        "name": "CVE-2023-4573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.",
            "It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman."
        ],
        "upstream_fix": "mailman 2.1.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2775\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2775"
        ],
        "name": "CVE-2015-2775",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of certain types of allocations that were missing annotations that, if the Garbage Collector was in a specific state, could lead to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "upstream_fix": "thunderbird 102.4, firefox 102.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42928\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42928\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42928\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928"
        ],
        "name": "CVE-2022-42928",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-460",
        "details": [
            "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).",
            "A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15127\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15127"
        ],
        "name": "CVE-2017-15127",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 70 and Firefox ESR 68.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17012\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17012\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012"
        ],
        "name": "CVE-2019-17012",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-122",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.",
            "An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0469\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0469\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0469",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.",
            "A cross-site scripting vulnerability (XSS) has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts."
        ],
        "upstream_fix": "mailman 2.1.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0618"
        ],
        "name": "CVE-2018-0618",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.",
            "An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9809\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9809"
        ],
        "name": "CVE-2016-9809",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.",
            "A flaw was found in the way samba allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client."
        ],
        "acknowledgement": "This issue was discovered by Vivek Das (Red Hat).",
        "upstream_fix": "samba 4.7.9, samba 4.8.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1139\nhttps://www.samba.org/samba/security/CVE-2018-1139.html"
        ],
        "name": "CVE-2018-1139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-400",
        "details": [
            "The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.",
            "The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the code with the flaw is not present in this product.",
        "upstream_fix": "kernel 4.14.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18203\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18203"
        ],
        "name": "CVE-2017-18203",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provides a script for starting the database server during system boot. Packages of PostgreSQL for many operating systems provide their own, packager-authored startup implementations. Several implementations use a log file name that the database superuser can replace with a symbolic link. As root, they open(), chmod() and/or chown() this log file name. This often suffices for the database superuser to escalate to root privileges when root starts the server.",
            "Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine."
        ],
        "statement": "Red Hat Enterprise Linux 6 and Satellite 5 are now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter.",
        "upstream_fix": "postgresql 9.5.10, postgresql 9.6.6, postgresql 9.3.20, postgresql 10.1, postgresql 9.4.15, postgresql 9.2.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12172\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12172\nhttps://www.postgresql.org/about/news/1801/"
        ],
        "name": "CVE-2017-12172",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8672\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8672\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8672",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-05-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service",
            "A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service"
        ],
        "statement": "This vulnerability is categorized as an important severity issue rather than a critical one because, while it can cause a denial of service by stopping the directory service, it does not allow for remote code execution, privilege escalation, or data exfiltration. The impact is limited to service disruption, which can be mitigated by monitoring and automatic service restarts. Additionally, exploiting this vulnerability requires specific crafted packets, indicating that an attacker would need a certain level of knowledge and access to execute the attack, reducing the likelihood of widespread exploitation.",
        "upstream_fix": "389-ds-base 2.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3657\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3657"
        ],
        "name": "CVE-2024-3657",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c."
        ],
        "upstream_fix": "freetype 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9381\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9381"
        ],
        "name": "CVE-2015-9381",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2736\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2736\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2736",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46343\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46343"
        ],
        "name": "CVE-2022-46343",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with Moderate severity.",
        "upstream_fix": "xorg-server 21.1.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0494\nhttps://github.com/advisories/GHSA-5v6x-2hpj-c37x"
        ],
        "name": "CVE-2023-0494",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow via a crafted PSD image file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19107\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19107"
        ],
        "name": "CVE-2018-19107",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.",
            "A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page."
        ],
        "statement": "This flaw can be triggered for static error pages only if the readonly property for the DefaultServlet is set to false in the $CATALINA_HOME/conf/web.xml file.  The default for readonly is true.",
        "upstream_fix": "tomcat 8.0.44, tomcat 7.0.78, tomcat 8.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5664\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5664\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15"
        ],
        "name": "CVE-2017-5664",
        "mitigation": {
            "value": "If it is necessary to have the DefaultServlet property readonly=false, use a jsp error page, for example Error404.jsp rather than a static html error page. Alternatively do not specify an error-page in the Deployment Descriptor and use a custom ErrorReportValve.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7975\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7975"
        ],
        "name": "CVE-2014-7975",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption."
        ],
        "statement": "This issue affects the versions of qt5-qtimageformats and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19871"
        ],
        "name": "CVE-2018-19871",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.  NOTE: this vulnerability exists because of a CVE-2015-0821 regression."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2727\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2727\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-60.html"
        ],
        "name": "CVE-2015-2727",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5438\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5438\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5438"
        ],
        "name": "CVE-2017-5438",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-125",
        "details": [
            "In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11085\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11085"
        ],
        "name": "CVE-2020-11085",
        "mitigation": {
            "value": "To mitigate this flaw in vulnerable versions, clipboard support should be disabled for freerdp sessions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files."
        ],
        "statement": "This issue affects the versions of evince as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11459\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11459"
        ],
        "name": "CVE-2019-11459",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Kan-Ru Chen, Nathan Froyd, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5398\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5398\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398"
        ],
        "name": "CVE-2017-5398",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Catalin Dumitru as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5250\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5250\nhttps://www.mozilla.org/security/advisories/mfsa2016-84/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5250",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38500\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38500"
        ],
        "name": "CVE-2021-38500",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7174\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7174\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7174",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3."
        ],
        "upstream_fix": "bind 9.11.4-P2, bind 9.12.2-P2, bind 9.13.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5741\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5741\nhttps://kb.isc.org/docs/cve-2018-5741"
        ],
        "name": "CVE-2018-5741",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9661\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9661"
        ],
        "name": "CVE-2014-9661",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-203->CWE-787",
        "details": [
            "The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9792\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9792"
        ],
        "name": "CVE-2019-9792",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.",
            "It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2161\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2161\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-2161",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43543\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43543"
        ],
        "name": "CVE-2021-43543",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-190)->CWE-125",
        "details": [
            "An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093.",
            "A heap-buffer out-of-bounds read flaw was found in libexif's MakerNote tag parser. This flaw allows an unauthenticated attacker or authenticated attacker with low privileges to exploit the flaw remotely in an application that uses libexif to process EXIF data from media files if the file upload is allowed. An attacker could create a specially crafted image file that, when processed by libexif, would cause the application to crash or, potentially expose data from the application's memory. This attack leads to a denial of service or a memory information leak that could assist in further exploitation."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13112\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13112"
        ],
        "name": "CVE-2020-13112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21967\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21967"
        ],
        "name": "CVE-2023-21967",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two different sites on two different windows running under the same application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kris Maglione as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11762\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11762\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762"
        ],
        "name": "CVE-2019-11762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.",
            "A flaw was found in python-pillow. The vulnerability occurs due to improper initialization of image paths, leading to a buffer over-read and improper initialization. This flaw allows an attacker to unauthorized memory access that causes memory access errors, incorrect results, or crashes."
        ],
        "statement": "Red Hat Quay ships a vulnerable version of Pillow as a dependency of xhtml2pdf. The xhtml2pdf package is used in the invoice generation feature of Quay, however, the vulnerable ImagePath module is not used by xhtml2pdf. Therefore impact for Quay is rated Low.",
        "upstream_fix": "Pillow 9.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22816\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22816\nhttps://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling"
        ],
        "name": "CVE-2022-22816",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-703",
        "details": [
            "nscd: netgroup cache assumes NSS callback uses in-buffer strings\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
            "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash."
        ],
        "statement": "The identified flaw in the glibc netgroup cache, while significant in its potential to cause memory corruption and crashes, may be categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions to be met, such as the presence of netgroup-related functionality and the ability to manipulate memory within the target system. Secondly, the impact of the vulnerability is limited to the context of the affected application or system component, rather than posing a system-wide or network-wide threat.\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-33602\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33602"
        ],
        "name": "CVE-2024-33602",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A vulnerability was found in Mozilla Firefox and Thunderbird. Privileged JSONView objects that have been cloned into content can be accessed using a form with a data URI. This flaw bypasses existing defense-in-depth mechanisms and can be exploited over the network."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11761\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11761\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761"
        ],
        "name": "CVE-2019-11761",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.",
            "A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9761\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9761"
        ],
        "name": "CVE-2014-9761",
        "mitigation": {
            "value": "Do not use any applications which call the affected nan* functions. These functions are used only very rarely.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2710\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2710\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-48.html"
        ],
        "name": "CVE-2015-2710",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka \"ShellShock.\"  NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.",
            "A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6271\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6271\nhttps://access.redhat.com/articles/1200223\nhttps://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack"
        ],
        "csaw": true,
        "name": "CVE-2014-6271"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.",
            "A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4344\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4344"
        ],
        "name": "CVE-2014-4344",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A potential memory corruption and crash when using Skia content when drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Heather Miller (Google Skia team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5467\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5467\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5467"
        ],
        "name": "CVE-2017-5467",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sergei Glazunov (Google Project Zero) as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6806\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6806\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806"
        ],
        "name": "CVE-2020-6806",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.",
            "A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL."
        ],
        "upstream_fix": "openssl 1.0.2d, openssl 1.0.1p, openssl 1.0.0t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3196\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3196",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-26T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.",
            "A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command (by default, any local user can execute sudo) without authentication. Successful exploitation of this flaw could lead to privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw does not affect the versions of sudo shipped with Red Hat Enterprise Linux 5, because the vulnerable code was not present in these versions.",
        "upstream_fix": "sudo 1.9.5p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3156\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3156\nhttps://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt\nhttps://www.sudo.ws/alerts/unescape_overflow.html"
        ],
        "csaw": true,
        "name": "CVE-2021-3156",
        "mitigation": {
            "value": "Red Hat Product Security strongly recommends customers to update to fixed sudo packages once they are available. For customers who cannot update immediately, the following interim partial mitigation using systemtap is suggested:\n1. Install required systemtap packages and dependencies: \n```\nsystemtap yum-utils kernel-devel-\"$(uname -r)\"\n```\nThen for RHEL 7 install kernel debuginfo, using:\n```\ndebuginfo-install -y kernel-\"$(uname -r)\" \n```\nThen for RHEL 8 & 6 install sudo debuginfo, using:\n```\ndebuginfo-install sudo\n```\n2. Create the following systemtap script: (call the file as sudoedit-block.stap)\n```\nprobe process(\"/usr/bin/sudo\").function(\"main\")  {\ncommand = cmdline_args(0,0,\"\");\nif (isinstr(command, \"edit\")) {\nraise(9);\n}\n}\n```\n3. Install the script using the following command: (using root)\n```\n# nohup stap -g sudoedit-block.stap &\n```\n(This should output the PID number of the systemtap script)\nThis script will cause the vulnerable sudoedit binary to stop working. The sudo command will still work as usual.\nThe above change does not persist across reboots and must be applied after each reboot.\nPlease consult How to make a systemtap kernel module load persistently across reboots? (https://access.redhat.com/solutions/5752521) to learn how to\nturn this into a service managed by initd. \n4. Once the new fixed packages are installed, the systemtap script can be removed by killing the systemtap process.  For example, by using:\n```\n# kill -s SIGTERM 7590\n```\n(where 7590 is the PID of the systemtap process)",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.",
            "A NULL pointer dereference flaw was found in the way LibVNCServer handled certain ClientCutText messages. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6053\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6053"
        ],
        "name": "CVE-2014-6053",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11045\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11045"
        ],
        "name": "CVE-2020-11045",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3900\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3900\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3900",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11706\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11706\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11706",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service",
            "It was discovered xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try and read local files or HTTP/FTP URLs, leading to information disclosure or denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000061\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000061"
        ],
        "name": "CVE-2017-1000061",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122->CWE-190->CWE-194",
        "details": [
            "revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.",
            "An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201",
        "upstream_fix": "git 2.6.6, git 2.5.5, git 2.7.4, git 2.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2315\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2315"
        ],
        "csaw": true,
        "name": "CVE-2016-2315"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges zx from qriousec as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29536\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29536\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29536"
        ],
        "name": "CVE-2023-29536",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to disclose the contents of arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3717\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3717"
        ],
        "name": "CVE-2016-3717",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
            "A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3169\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3169\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3169",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-06T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.",
            "Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution."
        ],
        "acknowledgement": "This issue was discovered by Frediano Ziglio (Red Hat).",
        "upstream_fix": "spice-0.14.2 1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14355\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14355\nhttps://www.openwall.com/lists/oss-security/2020/10/06/10"
        ],
        "name": "CVE-2020-14355",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10096\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10096"
        ],
        "name": "CVE-2017-10096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "In the Linux kernel, the following vulnerability has been resolved:\nsched/membarrier: reduce the ability to hammer on sys_membarrier\nOn some systems, sys_membarrier can be very expensive, causing overall\nslowdowns for everything.  So put a lock on the path in order to\nserialize the accesses to prevent the ability for this to be called at\ntoo high of a frequency and saturate the machine.",
            "A flaw was found in sys_membarrier in the Linux kernel in sched/membarrier in how a user calls it at too high of a frequency. This flaw allows a local user to saturate the machine."
        ],
        "upstream_fix": "kernel 4.19.307, kernel 5.4.269, kernel 5.10.210, kernel 5.15.149, kernel 6.1.79, kernel 6.6.18, kernel 6.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-26602\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26602\nhttps://github.com/torvalds/linux/commit/944d5fe50f3f03daacfea16300e656a1691c4a23\nhttps://lore.kernel.org/linux-cve-announce/2024022414-CVE-2024-26602-5e76@gregkh/"
        ],
        "name": "CVE-2024-26602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.",
            "It was discovered that libcurl could incorrectly reuse NTLM-authenticated connections for subsequent unauthenticated requests to the same host. If an application using libcurl established an NTLM-authenticated connection to a server, and sent subsequent unauthenticated requests to the same server, the unauthenticated requests could be sent over the NTLM-authenticated connection, appearing as if they were sent by the NTLM authenticated user."
        ],
        "statement": "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Daniel Stenberg (curl upstream) for reporting this issue. Upstream acknowledges Paras Sethia as the original reporter.",
        "upstream_fix": "curl 7.42.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3143\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3143\nhttp://curl.haxx.se/docs/adv_20150422A.html"
        ],
        "name": "CVE-2015-3143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers, e.g. mouse over. However, LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9851\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9851\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9851"
        ],
        "name": "CVE-2019-9851",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.",
            "A vulnerability was found in the Linux kernel’s implementation of the AF_ISDN protocol, which does not enforce the CAP_NET_RAW capability. This flaw can allow unprivileged users to create a raw socket for this protocol. This could further allow the user to control the availability of an existing ISDN circuit."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17055\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17055"
        ],
        "name": "CVE-2019-17055",
        "mitigation": {
            "value": "At this time the only known way to 'mitigate' this flaw is to blacklist the kernel module from being loaded. Creating raw sockets with this protocol is a method of communicating with ISDN hardware, a technology that is becoming less and less common.\nCheck https://access.redhat.com/solutions/41278 for instructions on how to disable the mISDN_core.ko module.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-326",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25685\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25685\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25685",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.",
            "A flaw was found in the PowerPC platform, where the kernel will panic if the transactional memory is disabled. An attacker could use this flaw to panic the system by constructing a signal context through the transactional memory MSR bits set."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13648\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13648"
        ],
        "name": "CVE-2019-13648",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.",
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31081\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31081"
        ],
        "name": "CVE-2024-31081",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2012-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sabri Haddouche as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7829\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7829\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829"
        ],
        "name": "CVE-2017-7829",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5443\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5443\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5443"
        ],
        "name": "CVE-2017-5443",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript."
        ],
        "statement": "This issue does not affect the version of the thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0817\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0817\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-29"
        ],
        "name": "CVE-2015-0817",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.",
            "A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6 and 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 will address this issue.\nFor further information please refer to the vulnerability article in the Customer Portal: https://access.redhat.com/security/vulnerabilities/blueborne",
        "acknowledgement": "Red Hat would like to thank Armis Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000251\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000251\nhttps://access.redhat.com/blogs/product-security/posts/blueborne\nhttps://access.redhat.com/security/vulnerabilities/blueborne\nhttps://access.redhat.com/solutions/3177231\nhttps://www.armis.com/blueborne/"
        ],
        "csaw": true,
        "name": "CVE-2017-1000251"
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11043\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11043"
        ],
        "name": "CVE-2020-11043",
        "mitigation": {
            "value": "To mitigate this flaw, do not use /rfx, /gfx or /network:auto command line options in the freerdp client.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-476",
        "details": [
            "In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.",
            "A flaw was found in the Linux kernel's implementation of networking tunnel device ioctl. A local attacker can cause a denial of service (NULL pointer dereference and panic) via an ioctl (TUNSETIFF) call with a dev name containing a / character."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7191\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7191"
        ],
        "name": "CVE-2018-7191",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.",
            "A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7551"
        ],
        "name": "CVE-2017-7551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones.",
            "A flaw was discovered where git improperly validates submodules' names used to construct git metadata paths and does not prevent them from being nested in existing directories used to store another submodule's metadata. A remote attacker could abuse this flaw to trick a victim user into cloning a malicious repository containing submodules, which, when recursively cloned, would trigger the flaw and remotely execute code on the victim's machine."
        ],
        "statement": "This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 as they did not use submodule names to construct git metadata paths.",
        "upstream_fix": "git 2.21.1, git 2.15.4, git 2.20.2, git 2.22.2, git 2.14.6, git 2.16.6, git 2.17.3, git 2.24.1, git 2.19.3, git 2.23.1, git 2.18.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1387\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1387\nhttps://github.com/git/git/security/advisories/GHSA-4wfr-gwrh-8mj2"
        ],
        "name": "CVE-2019-1387",
        "mitigation": {
            "value": "Avoid running `git clone --recurse-submodules` and `git submodule update` with untrusted repositories.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "firefox 59.0.2, firefox 52.7.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5148\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5148\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-10/"
        ],
        "name": "CVE-2018-5148",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8945\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8945"
        ],
        "name": "CVE-2018-8945",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "FreeIPA uses a default password policy that locks an account after 5 unsuccessful authentication attempts, which allows remote attackers to cause a denial of service by locking out the account that system services run on.",
            "It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services."
        ],
        "acknowledgement": "This issue was discovered by Petr Spacek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7030\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7030"
        ],
        "name": "CVE-2016-7030",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFile for an xkb_geometry section was mishandled."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15855\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15855"
        ],
        "name": "CVE-2018-15855",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird < 78.10.2."
        ],
        "upstream_fix": "thunderbird 78.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29957\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29957"
        ],
        "name": "CVE-2021-29957",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-22T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root."
        ],
        "statement": "The vulnerable method SetAll() allows a non-root user to perform a local privilege escalation. The vulnerable method has been present since subscription-manager-1.26.15-1. Currently, RHEL-8.2 and above contain the vulnerable code.\nHowever, before SetAll() was introduced, the worst thing that could happen was unregistering the system and cutting the system off from updates. No privilege escalation is possible in RHEL-7.9 and RHEL-8.1, as those streams ship subscription-manager-1.25.17.1-1 and prior, making it a Moderate issue for those streams.\nSo, the vulnerability has always been there; the SetAll() method introduced in later versions of subscription-manager turned it into a local privilege escalation.",
        "acknowledgement": "This issue was discovered by Thibault Guittet (Senior Product Security Engineer, Red Hat).",
        "upstream_fix": "subscription-manager 1.29.37, subscription-manager 1.28.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3899\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3899"
        ],
        "name": "CVE-2023-3899",
        "mitigation": {
            "value": "A workaround is to mask rhsm.service using:\n~~~\nsystemctl mask rhsm.service\n~~~\nWhen rhsm.service is masked, no D-Bus call can trigger the service and all D-Bus calls will be terminated with the error: \"Call failed: Could not activate remote peer.\" However, applications using the D-Bus API will not work until you unmask the service using: \"systemctl unmask rhsm.service\"",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-444",
        "details": [
            "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.",
            "A flaw was found in python-twisted-web, where it does not correctly process HTTP requests, accepting requests with more than one Content-Length header. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. This flaw impacts the system differently based on the type of application and the infrastructure."
        ],
        "statement": "OpenShift Container Platform 4.3 and later includes `python-twisted` as a dependency of `python-prometheus_client` in Ironic container images, however the affected code is not used.\nRed Hat OpenStack Platform packages the flawed code, however python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package.\nRed Hat Satellite uses affected versions of the `python-twisted` and `python-twisted-web` modules in Pulp, however, it is not vulnerable since the `http` module of the web implementation is not exposed in the product. Red Hat Satellite may update `python-twisted` and `python-twisted-web` in the future.\nThis issue affects the version of python-twisted (embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.",
        "upstream_fix": "twisted 20.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10108\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10108\nhttps://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst"
        ],
        "name": "CVE-2020-10108",
        "mitigation": {
            "value": "When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges F. Alonso (revskills) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12362\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12362\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12362"
        ],
        "name": "CVE-2018-12362",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2022-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.",
            "An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw, leading to a complete system compromise."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA as the original reporter.",
        "upstream_fix": "Thunderbird 91.6.2, Firefox 97.0.2, Firefox ESR 91.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26486\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26486"
        ],
        "name": "CVE-2022-26486",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.",
            "A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5722\nhttps://kb.isc.org/article/AA-01287/0"
        ],
        "name": "CVE-2015-5722",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.",
            "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in the xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user, or a privileged attacker could exploit this, by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10322\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10322"
        ],
        "name": "CVE-2018-10322",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "The cert_revoke command in FreeIPA does not check for the \"revoke certificate\" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the \"retrieve certificate\" permission.",
            "An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack."
        ],
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5404\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5404"
        ],
        "name": "CVE-2016-5404",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls.",
            "It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow resulting in a system crash or a privilege escalation."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5.\nIn a default or common use of Red Hat Enterprise Linux 6 and 7 this issue does not allow an unprivileged local user to elevate their privileges on the system. In order to exploit this issue the attacker needs the CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 6 does not have namespaces support and Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse the namespaces feature to grant this capability to themselves and elevate their privileges.\nSo, this issue does not affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 in the default configuration. Future updates for the respective releases will address this issue to secure non-default configurations.\nIn the non-default configuration mentioned above only Red Hat Enterprise Linux 7 is vulnerable to a privilege escalation. Red Hat Enterprise Linux 6 is vulnerable only to a denial of service (DoS) due to a system crash, hence the impact on Red Hat Enterprise Linux 6 is rated as being Moderate.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7308\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7308\nhttps://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"
        ],
        "name": "CVE-2017-7308",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 68.11, thunderbird 78.1, firefox 68.11, chromium-browser 81.0.4044.122",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6463\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6463\nhttps://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html"
        ],
        "name": "CVE-2020-6463",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11086\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11086"
        ],
        "name": "CVE-2020-11086",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5296\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5296\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5296",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5270\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5270\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5270",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Golubovic as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1954\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1954\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-17.html"
        ],
        "name": "CVE-2016-1954",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10348\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10348"
        ],
        "name": "CVE-2017-10348",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.",
            "It was found that glusterfs server does not properly sanitize file paths in the \"trusted.io-stats-dump\" extended attribute which is used by the \"debug/io-stats\" translator. An attacker can use this flaw to create files and execute arbitrary code. To exploit this, the attacker would require sufficient access to modify the extended attributes of files on a gluster volume."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10904\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10904"
        ],
        "name": "CVE-2018-10904",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks against authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges JunYoung Park as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29548\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29548\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548"
        ],
        "name": "CVE-2023-29548",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Carl Smith and working with Google Project Zero as the original reporters.",
        "upstream_fix": "firefox 79, firefox 78.1, thunderbird 78.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15656\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15656\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656"
        ],
        "name": "CVE-2020-15656",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory safety bugs present in Firefox 95 and Firefox ESR 91.4. Some of these bugs showed evidence of memory corruption, some of which could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22751\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751"
        ],
        "name": "CVE-2022-22751",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9675\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9675"
        ],
        "name": "CVE-2014-9675",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-04-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.",
            "A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2851\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2851"
        ],
        "name": "CVE-2014-2851",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.",
            "A denial of service flaw was found in fuse_do_getattr in fs/fuse/dir.c in the kernel side of the FUSE filesystem in the Linux kernel. A local user could use this flaw to crash the system."
        ],
        "statement": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux from 8.3 and prior the versions. RHEL 8.4 and later versions are not affected.",
        "upstream_fix": "Linux kernel 5.11-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36322\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36322\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d069dbe8aaf2a197142558b6fb2978189ba3454"
        ],
        "name": "CVE-2020-36322",
        "mitigation": {
            "value": "As the FUSE module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install fuse /bin/true\" >> /etc/modprobe.d/disable-fuse.conf\nThe system will need to be restarted if the FUSE modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while the FUSE filesystems are in  use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.",
            "A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requires_preauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line dictionary attack against the user's password."
        ],
        "statement": "This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2694\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2694"
        ],
        "name": "CVE-2015-2694",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.",
            "CVE-2020-1938 is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE)."
        ],
        "statement": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1745",
        "upstream_fix": "tomcat 9.0.31, tomcat 8.5.51, tomcat 7.0.100",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1938\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1938\nhttps://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51\nhttps://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31\nhttps://www.cnvd.org.cn/webinfo/show/5415\nhttps://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
        ],
        "name": "CVE-2020-1938",
        "mitigation": {
            "value": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2802\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2802\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2802",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.",
            "An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash."
        ],
        "statement": "The most common usage of iperf3 is temporary and between trusted devices on private networks. Users may be impacted by this vulnerability if they are hosting publicly available iperf3 servers or are connecting to iperf3 servers they do not control or trust.",
        "upstream_fix": "iperf 3.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-38403\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38403\nhttps://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc"
        ],
        "name": "CVE-2023-38403",
        "mitigation": {
            "value": "Do not run iperf3 as a publicly accessible service unless required. If required, restrict availability to the iperf3 server to only allow access from network ranges of trusted clients. Do not connect to iperf3 servers that you do not trust.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "statement": "Firefox on Red Hat Enterprise Linux is built against the system nss library.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Henry Corrigan-Gibbs as the original reporter.",
        "upstream_fix": "nss 3.36.8, nss 3.47, nss 3.44.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11719\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11719\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719"
        ],
        "name": "CVE-2019-11719",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.",
            "An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8629\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8629"
        ],
        "name": "CVE-2015-8629",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7756\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7756\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756"
        ],
        "name": "CVE-2017-7756",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
            "It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8797\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8797"
        ],
        "name": "CVE-2017-8797",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Johan Carlsson as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25728\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25728\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728"
        ],
        "name": "CVE-2023-25728",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.",
            "A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9529\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9529"
        ],
        "name": "CVE-2014-9529",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
            "OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key."
        ],
        "upstream_fix": "openssl 1.1.0i, openssl 1.0.2p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0737\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0737\nhttp://www.openwall.com/lists/oss-security/2018/04/16/3\nhttps://www.openssl.org/news/secadv/20180416.txt"
        ],
        "name": "CVE-2018-0737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
            "It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an application using libcurl, could write a NULL byte at an arbitrary location, resulting in a crash or an unspecified behavior."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Duy Phan Thanh as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000120\nhttps://curl.haxx.se/docs/adv_2018-9cd6.html"
        ],
        "name": "CVE-2018-1000120",
        "mitigation": {
            "value": "Preventing application from using non-default CURLOPT_FTP_FILEMETHOD will avoid triggering the vulnerable code.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10878\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10878"
        ],
        "name": "CVE-2018-10878",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-357",
        "details": [
            "By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46877\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46877\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46877"
        ],
        "name": "CVE-2022-46877",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote read-only users to obtain the VNC password by using the VIR_DOMAIN_XML_MIGRATABLE flag, which triggers the use of the VIR_DOMAIN_XML_SECURE flag.",
            "It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc() function could bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak certain limited information from the domain XML data."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "acknowledgement": "This issue was discovered by Eric Blake (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7823\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7823"
        ],
        "name": "CVE-2014-7823",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory corruption in the networking stack could have led to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kershaw Chang as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5702\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5702\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5702\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5702"
        ],
        "name": "CVE-2024-5702",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.",
            "A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Liu Wei (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7841\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7841"
        ],
        "name": "CVE-2014-7841",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-01-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.",
            "A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Sun Baoliang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1421\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1421"
        ],
        "name": "CVE-2015-1421",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17024\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17024\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024"
        ],
        "name": "CVE-2019-17024",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-120",
        "details": [
            "Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8140\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8140\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8140",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number.",
            "An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3917\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3917"
        ],
        "name": "CVE-2014-3917",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4449\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4449"
        ],
        "name": "CVE-2016-4449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11070\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11070"
        ],
        "name": "CVE-2019-11070",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Poppler before 0.66.0 has an integer overflow in Parser::makeStream in Parser.cc."
        ],
        "upstream_fix": "poppler 0.76.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-21009\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-21009"
        ],
        "name": "CVE-2018-21009",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.5",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5748\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5748"
        ],
        "name": "CVE-2018-5748",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-11-14T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-221",
        "details": [
            "Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.",
            "A flaw was found in some of AMD CPU's due to improper or unexpected behavior of the INVD. This issue may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU, potentially leading to a loss of guest virtual machine (VM) memory integrity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20592\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20592\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html"
        ],
        "name": "CVE-2023-20592",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.",
            "Use after free vulnerability was found in percpu using previously allocated memory in bpf. First __alloc_percpu_gfp() is called, then the memory is freed with free_percpu() which triggers async pcpu_balance_work and then pcpu_extend_area_map could use a chunk after it has been freed."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4794"
        ],
        "name": "CVE-2016-4794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-434",
        "details": [
            "Firefox did not properly handle downloads of files ending in <code>.desktop</code>, which can be interpreted to run attacker-controlled commands. <br>*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nFirefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands.\n*This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions.*"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ameen Basha M K as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29541\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29541\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29541"
        ],
        "name": "CVE-2023-29541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.",
            "It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Juraj Somorovsky as the original reporter.",
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2107\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2107\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2107",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.",
            "A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Peter Eriksson (IT Department, Linköping University) as the original reporter.",
        "upstream_fix": "samba 4.14.4, samba 4.13.8, samba 4.12.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20254\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20254\nhttps://www.samba.org/samba/security/CVE-2021-20254.html"
        ],
        "name": "CVE-2021-20254",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.",
            "A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-2929\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2929"
        ],
        "name": "CVE-2013-2929",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort."
        ],
        "upstream_fix": "389-ds-base 1.3.8.7, 389-ds-base 1.4.0.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10935\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10935"
        ],
        "name": "CVE-2018-10935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.",
            "A flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0470\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0470\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0470",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.",
            "It was discovered that the atl2_probe() function in the Atheros L2 Ethernet driver in the Linux kernel incorrectly enabled scatter/gather I/O. A remote attacker could use this flaw to obtain potentially sensitive information from the kernel memory."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 as the suspected driver does not advertise that it has scatter-gather feature, which presence is essential for the flaw.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, namely the [atl2] Ethernet driver which is the only driver affected. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Justin Yackoski (Cryptonite) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2117\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2117"
        ],
        "name": "CVE-2016-2117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11711\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11711\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11711"
        ],
        "name": "CVE-2019-11711",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.",
            "A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P4, bind 9.9.8-S6, bind 9.9.8-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1285\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1285\nhttps://kb.isc.org/article/AA-01352"
        ],
        "name": "CVE-2016-1285",
        "mitigation": {
            "value": "Restrict access to the control channel (by using the \"controls\" configuration statement in named.conf) to allow connection only from trusted systems.\nNote that if no \"controls\" statement is present, named defaults to allowing control channel connections only from localhost (127.0.0.1 and ::1) if and only if the file rndc.key exists in the configuration directory and contains valid key syntax. If rndc.key is not present and no \"controls\" statement is present in named.conf, named will not accept commands on the control channel.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16646"
        ],
        "name": "CVE-2018-16646",
        "csaw": false
    },
    {
        "public_date": "2022-06-02T00:00:00Z",
        "cwe": "CWE-416",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
        ],
        "statement": "Red Hat Product Security does not consider this to be a vulnerability.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1966\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1966"
        ],
        "name": "CVE-2022-1966",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5405\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405"
        ],
        "name": "CVE-2017-5405",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.",
            "A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 4, 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux\nkernel updates for the respective releases will address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9322\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9322"
        ],
        "name": "CVE-2014-9322",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",
            "A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with \"--enable-native-pkcs11\" for the system to be affected. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Lyu Chiy as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8623\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8623\nhttps://kb.isc.org/docs/cve-2020-8623"
        ],
        "name": "CVE-2020-8623",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The \"OpenID Connect Relying Party and OAuth 2.0 Resource Server\" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an \"AuthType oauth20\" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.",
            "It was found that mod_auth_openidc did not properly sanitize HTTP headers for certain request paths. A remote attacker could potentially use this flaw to bypass authentication and access sensitive information by sending crafted HTTP requests."
        ],
        "upstream_fix": "mod_auth_openidc 2.1.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6413\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6413\nhttps://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6"
        ],
        "name": "CVE-2017-6413",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring.",
            "A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct snd_timer_instance function fails the timer->max_instances check leading to an invalid address. This could lead to a use-after-free vulnerability."
        ],
        "statement": "This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.1.0, that is Red Hat Enterprise Linux 8.1 GA kernel version.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19807\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19807"
        ],
        "name": "CVE-2019-19807",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.",
            "A flaw was found in the allocate_trace_buffer in kernel/trace/trace.c in the debug subsystem, when failure to allocate a dynamic percpu area, a resource cleanup is called. The pointer (buf->buffer) still holds the address and is not set to NULL, which can cause a use-after-free problem, leading to a dangling pointer issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18595\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18595"
        ],
        "name": "CVE-2017-18595",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.",
            "A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.",
        "upstream_fix": "samba 4.3.11, samba 4.4.5, samba 4.2.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2119\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2119"
        ],
        "name": "CVE-2016-2119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-06T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385->CWE-200",
        "details": [
            "An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.\nTo exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further.\nOn January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities (known as Spectre) involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. This vulnerability, released on August 6, 2019, is a variant of the Spectre Variant 1 speculative execution side channel vulnerability and has been assigned CVE-2019-1125.\nMicrosoft released a security update on July 9, 2019 that addresses the vulnerability through a software change that mitigates how the CPU speculatively accesses memory. Note that this vulnerability does not require a microcode update from your device OEM.",
            "A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre like side channel."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1125\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1125"
        ],
        "csaw": true,
        "name": "CVE-2019-1125",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/articles/4329821",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.",
            "A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nFuture kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8884\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8884"
        ],
        "name": "CVE-2014-8884",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.",
            "It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system() or popen() C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary commands with elevated privileges."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "sudo 1.8.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7032\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7032\nhttps://www.sudo.ws/alerts/noexec_bypass.html"
        ],
        "name": "CVE-2016-7032",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.",
            "It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service."
        ],
        "upstream_fix": "Tomcat 6.0.43, Tomcat 7.0.55, JBossWeb 7.4.6.Final",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0227\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0227\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55"
        ],
        "name": "CVE-2014-0227",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 3.5.28, squid 4.0.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000024\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000024"
        ],
        "name": "CVE-2018-1000024",
        "mitigation": {
            "value": "A workaround for this issue is to not use the internal ESI parser, which can be achieved by adding either the \"esi_parser expat\" or \"esi_parser libxml2\" configuration directive to the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.",
            "A flaw was found in Git, a distributed revision control system. When parsing gitattributes, a mechanism to allow defining attributes for paths, multiple integer overflows can occur when there is a huge number of path patterns, attributes for a single pattern, or declared attribute names. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index, or both. This integer overflow can result in arbitrary heap reads and writes, which may allow remote code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23521\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23521\nhttps://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/\nhttps://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf\nhttps://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89\nhttps://www.openwall.com/lists/oss-security/2023/01/17/4"
        ],
        "name": "CVE-2022-23521",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
            "The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data."
        ],
        "upstream_fix": "Python 3.4.3, Python 2.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9365\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9365"
        ],
        "name": "CVE-2014-9365",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.",
            "A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage (swiftonfile). By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata than allowed by the configuration."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8177\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8177"
        ],
        "name": "CVE-2014-8177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22745\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22745"
        ],
        "name": "CVE-2022-22745",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.",
            "A flaw was found in the way catastrophic backtracking was implemented in python's pop3lib's apop() method. An attacker could use this flaw to cause denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Python security response team for reporting this issue.",
        "upstream_fix": "python 3.4.9, python 3.6.5rc1, python 3.7.0, python 3.5.6, python 2.7.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1060\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
        ],
        "name": "CVE-2018-1060",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10090\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10090"
        ],
        "name": "CVE-2017-10090",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Thunderbird 91.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4129\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4129\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-4129\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-4129"
        ],
        "name": "CVE-2021-4129",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.\nTo exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.\nMicrosoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.\nFor guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).\nWhen the second phase of Windows updates becomes available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.",
            "A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "As per upstream, Samba domain controllers (AD and NT4-like) can be impacted by the ZeroLogon CVE-2020-1472. Samba packages shipped with Red Hat Gluster Storage 3, Red Hat Enterprise Linux 7 and 8 are not vulnerable by default, since they have \"server schannel\" enabled by default in their configuration file.",
        "upstream_fix": "samba 4.10.18, samba 4.11.13, samba 4.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1472\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1472\nhttps://kb.cert.org/vuls/id/490028#Samba\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472\nhttps://www.samba.org/samba/security/CVE-2020-1472.html"
        ],
        "name": "CVE-2020-1472",
        "mitigation": {
            "value": "This flaw can be mitigated by using \"server schannel = yes\" in the smb.conf configuration file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Damian Poddebniak as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12398\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12398\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398"
        ],
        "name": "CVE-2020-12398",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free was identified in the `nsDNSService::Init`.  This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA use-after-free was identified in the `nsDNSService::Init`.  This issue appears to manifest rarely during start-up."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Randell Jesup as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6862\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6862\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862"
        ],
        "name": "CVE-2023-6862",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.",
            "A flaw was found in python. A stack-based buffer overflow was discovered in the ctypes module provided within Python. Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw could have had a higher Impact, however our packages are compiled with FORTIFY_SOURCE, which provides runtime protection to some memory and string functions and prevents this flaw from actually overwriting the buffer and potentially executing code.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3177\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3177"
        ],
        "name": "CVE-2021-3177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).",
            "It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3509\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3509",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4911\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4911\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4911",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-120|CWE-121|CWE-122)",
        "details": [
            "Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Sebastian Hengst, Tom Ritter, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7810\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7810\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810"
        ],
        "name": "CVE-2017-7810",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2805\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2805",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-119|CWE-120)",
        "details": [
            "A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the function _GetCountedString of the file xkb/xkb.c. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211051.",
            "A flaw was found in the xorg-x11-server package. A buffer overflow can occur in the _GetCountedString function in xkb/xkb.c due to improper input validation, allowing for possible escalation of privileges, execution of arbitrary code, or a denial of service."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3550\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3550"
        ],
        "name": "CVE-2022-3550",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "libical 2.0.0, Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11703\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11703\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11703",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4473\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4473\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-79.html"
        ],
        "name": "CVE-2015-4473",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur when manipulating the SVG \"animatedPathSegList\" through script. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5127\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5127"
        ],
        "name": "CVE-2018-5127",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.",
            "An off-by-one error leading to a crash was discovered in openldap's processing of DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses."
        ],
        "acknowledgement": "This issue was discovered by Matt Rogers (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8182\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8182"
        ],
        "name": "CVE-2014-8182",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea787807a7cdc168df832544b58eba6 incomplete fix for a race condition. The code mishandles a certain multithreaded case involving a packet_do_bind unregister action followed by a packet_notifier register action. Later, packet_release operates on only one of the two applicable linked lists. The attacker can achieve Program Counter control.",
            "A use-after-free flaw can occur in the Linux kernel due to a race condition between packet_do_bind() and packet_notifier() functions called for an AF_PACKET socket. An unprivileged, local user could use this flaw to induce kernel memory corruption on the system, leading to an unresponsive system or to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18559\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18559\nhttps://blogs.securiteam.com/index.php/archives/3731"
        ],
        "name": "CVE-2018-18559",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125->CWE-200",
        "details": [
            "Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a \"buffer\" function.",
            "An integer overflow flaw was found in the way the buffer() function handled its offset and size arguments. An attacker able to control those arguments could use this flaw to disclose portions of the application memory or cause it to crash."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "python 2.7.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7185\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7185"
        ],
        "name": "CVE-2014-7185",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ophir LOJKINE as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12392\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12392\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392"
        ],
        "name": "CVE-2020-12392",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A mechanism to spoof the addressbar through the user interaction on the addressbar and the \"onblur\" event. The event could be used by script to affect text display to make the loaded site appear to be different from the one actually loaded within the addressbar. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5451\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5451\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5451"
        ],
        "name": "CVE-2017-5451",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.",
            "A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14495\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14495\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14495"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8844\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8844\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8844",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.",
            "It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Vitaly Mayatskih for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12190\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12190"
        ],
        "name": "CVE-2017-12190",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
            "A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by memory corruption in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30761\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30761\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30761",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2583"
        ],
        "name": "CVE-2020-2583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-192",
        "details": [
            "The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34169\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34169"
        ],
        "name": "CVE-2022-34169",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Thunderbird 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Andrew McCreight and Gabriele Svelto reported memory safety bugs present in Firefox 106 and Firefox ESR 102.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers as the original reporter.",
        "upstream_fix": "thunderbird 102.5, firefox 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45421\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45421\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45421\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421"
        ],
        "name": "CVE-2022-45421",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Seri, Gregory Vishnepolsky, and Samy Kamkar as the original reporters.",
        "upstream_fix": "thunderbird 78.9, firefox 78.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23982\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23982\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23982"
        ],
        "name": "CVE-2021-23982",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges The Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "thunderbird 115.1, firefox 115.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4057\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4057\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057"
        ],
        "name": "CVE-2023-4057",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2021-01-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet."
        ],
        "statement": "Regarding Thunderbird:  in general this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ned Williamson as the original reporter.",
        "upstream_fix": "chromium-browser 88.0.4324.96, thunderbird 78.6.1, firefox 84.0.2, firefox 78.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-16044\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-16044\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044"
        ],
        "name": "CVE-2020-16044",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.",
            "An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14494\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14494"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.",
            "A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data."
        ],
        "upstream_fix": "openssl 1.0.1t, openssl 1.0.2h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2109\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2109\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2109",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-200|CWE-125)",
        "details": [
            "An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.",
            "A flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available.",
        "acknowledgement": "Red Hat would like to thank Adam Nichols (GRIMM) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27364\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27364"
        ],
        "name": "CVE-2021-27364",
        "mitigation": {
            "value": "The LIBISCSI module will be auto-loaded when required, its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install libiscsi /bin/true\" >> /etc/modprobe.d/disable-libiscsi.conf\nThe system will need to be restarted if the libiscsi modules are loaded. In most circumstances, the libiscsi kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf the system requires iscsi to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.",
            "A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "krb5 1.18.5, krb5 1.19.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-37750\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-37750"
        ],
        "name": "CVE-2021-37750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8820\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8820\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8820",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7848\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7848\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848"
        ],
        "name": "CVE-2017-7848",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2735\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2735\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2735",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21277\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21277"
        ],
        "name": "CVE-2022-21277",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29550\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29550\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29550"
        ],
        "name": "CVE-2023-29550",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's sandbox."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22759\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22759\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22759\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22759"
        ],
        "name": "CVE-2022-22759",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
            "A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling."
        ],
        "upstream_fix": "httpd 2.4.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22720\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22720\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720"
        ],
        "name": "CVE-2022-22720",
        "mitigation": {
            "value": "There are currently no known mitigations for this issue.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-27T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.",
            "A use-after-free flaw was found in the Linux kernel’s vmw_execbuf_copy_fence_user function in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in vmwgfx. This flaw allows a local attacker with user privileges to cause a privilege escalation problem."
        ],
        "upstream_fix": "Kernel 5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22942\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22942"
        ],
        "name": "CVE-2022-22942",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module vmwgfx onto the system until we have a fix available. This can be done by a blacklist mechanism and ensures the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/speculativeexecution",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5753\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5753\nhttps://access.redhat.com/security/vulnerabilities/speculativeexecution\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5753"
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.",
            "A flaw was found in the FreeRDP client when it fails to validate input data when using gateway connections. This flaw could allow a malicious gateway to send a specially crafted input to a client leading to an out of bounds write in client memory. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system."
        ],
        "upstream_fix": "FreeRDP 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41159\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41159"
        ],
        "name": "CVE-2021-41159",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexis Beingessner, Andrew McCreight, André Bargull, Byron Campen, Christian Holler, Jason Kratzer, Jesse Schwartzentruber, Jon Coppeard, Steve Fink, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 78.7, firefox 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23964\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23964\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23964"
        ],
        "name": "CVE-2021-23964",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-138",
        "details": [
            "vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.",
            "A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim."
        ],
        "upstream_fix": "vim 8.0.0056",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1248\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1248"
        ],
        "name": "CVE-2016-1248",
        "mitigation": {
            "value": "Disabling modeline support in .vimrc by adding \"set nomodeline\" will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yan as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2722\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-65.html"
        ],
        "name": "CVE-2015-2722",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-29T13:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",
            "A flaw was found in the Linux kernel’s Bluetooth implementation of UART. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10207\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10207"
        ],
        "name": "CVE-2019-10207",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-287|CWE-322)",
        "details": [
            "Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device IDs matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.",
            "A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could interfere with cross-device verification to authenticate their own device."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Benjamin Dowling (Security of Advanced Systems Group University of Sheffield), Martin R. Albrecht and Dan Jones (Information Security Group at Royal Holloway University London), and Sofía Celi (Brave Software) as the original reporters.",
        "upstream_fix": "thunderbird 102.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39250\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39250\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-43/#CVE-2022-39250"
        ],
        "name": "CVE-2022-39250",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-667",
        "details": [
            "The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.",
            "The fix for CVE-2019-11599 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls."
        ],
        "statement": "The Red Hat Enterprise Linux 7 kernel versions prior to Red Hat Enterprise Linux 7.7 GA kernel (version 3.10.0-1062 released via RHSA-2019:2029) were never affected by CVE-2019-14898 (i.e. the incomplete fix for CVE-2019-11599) because they never backported the incomplete fix for CVE-2019-11599 in the first place; CVE-2019-11599 was fixed there fully, i.e. the backport consisted of both CVE-2019-11599 and CVE-2019-14898 patches.",
        "acknowledgement": "This issue was discovered by Vladis Dronov (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14898\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14898\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1790\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.114\nhttps://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.37\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.10"
        ],
        "name": "CVE-2019-14898",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.",
            "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for  Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by David Jorm (Red Hat Product Security).",
        "upstream_fix": "tomcat 6.0.41, tomcat 7.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0075\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0075"
        ],
        "name": "CVE-2014-0075",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long catalog name.",
            "A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8779\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8779"
        ],
        "name": "CVE-2015-8779",
        "mitigation": {
            "value": "Do not use applications which call catopen with unbounded strings. The catopen function is rarely used. Typical application usage involves passing a short, constant string to catopen, so most applications are not affected even if they call catopen.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40959\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40959\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40959"
        ],
        "name": "CVE-2022-40959",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6237\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6237\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-6237",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.",
            "A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. In the worst case (and likely most common virtualization) scenario this flaw affects KVM/qemu hypervisor enabled  hosts running Linux guests."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost",
        "acknowledgement": "Red Hat would like to thank Peter Pi (Tencent Blade Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14835\nhttps://access.redhat.com/security/vulnerabilities/kernel-vhost\nhttps://www.openwall.com/lists/oss-security/2019/09/17/1"
        ],
        "csaw": true,
        "name": "CVE-2019-14835",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/kernel-vhost",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.)  Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jan-Ivar Bruaroey as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6812\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6812\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812"
        ],
        "name": "CVE-2020-6812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.9.8-P4, bind 9.10.3-P4, bind 9.9.8-S6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1286\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1286\nhttps://kb.isc.org/article/AA-01353"
        ],
        "name": "CVE-2016-1286",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.",
            "An integer overflow flaw, leading to a NULL pointer dereference or a heap-based memory corruption, was found in the way some BIGNUM functions of OpenSSL were implemented. Applications that use these functions with large untrusted input could crash or, potentially, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0797\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.",
            "A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Benkocs Norbert Attila as the original reporter.",
        "upstream_fix": "postgresql 9.4.2, postgresql 9.3.7, postgresql 9.1.16, postgresql 9.0.20, postgresql 9.2.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3165\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3165"
        ],
        "name": "CVE-2015-3165",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and they may be uploaded to a server. It was demonstrated that in combination with a popular Android messaging app, if a malicious HTML attachment is sent to a user and they opened that attachment in Firefox, due to that app's predictable pattern for locally-saved file names, it is possible to read attachments the victim received from other correspondents. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luigi Gubello as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11730\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730"
        ],
        "name": "CVE-2019-11730",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46341\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46341"
        ],
        "name": "CVE-2022-46341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8687\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8687\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8687",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10281\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10281"
        ],
        "name": "CVE-2017-10281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-117",
        "details": [
            "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
        ],
        "upstream_fix": "squid 4.0.23, squid 3.5.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000027\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000027"
        ],
        "name": "CVE-2018-1000027",
        "mitigation": {
            "value": "A workaround for this issue is to set the \"log_uses_indirect_client off\" configuration directive in the squid configuration file (for example /etc/squid/squid.conf).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8100\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8100\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8100",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.",
            "A flaw was found in glusterfs server which allowed clients to create io-stats dumps on server node. A remote, authenticated attacker could use this flaw to create io-stats dump on a server without any limitation and utilizing all available inodes resulting in remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14659\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14659"
        ],
        "name": "CVE-2018-14659",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2978\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2978"
        ],
        "name": "CVE-2019-2978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-456->(CWE-416|CWE-822)",
        "details": [
            "An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13113\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13113"
        ],
        "name": "CVE-2020-13113",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11040\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11040"
        ],
        "name": "CVE-2020-11040",
        "mitigation": {
            "value": "The flaw can be mitigated by not running the freerdp client with the /gfx connection modes and/or not connecting to untrusted or compromised rdp servers.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.",
            "A vulnerability was found in the Linux kernel in the 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows the check in 'chmod' to be bypassed."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.\nThis flaw was fixed in the Red Hat products as a part of the CVE-2016-7097 fix.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5551"
        ],
        "name": "CVE-2017-5551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.",
            "A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9131\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9131\nhttps://kb.isc.org/article/AA-01439"
        ],
        "name": "CVE-2016-9131",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.* This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges R (Zero Day LLC) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12393\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12393\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393"
        ],
        "name": "CVE-2018-12393",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."
        ],
        "statement": "Red Hat Satellite 6.2 and newer versions don't use the bootstrap library, hence are not affected by this flaw.\nRed Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.\nRed Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.",
        "upstream_fix": "bootstrap 4.1.2, bootstrap 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14040\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14040"
        ],
        "name": "CVE-2018-14040",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Root Object as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5144\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5144\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5144"
        ],
        "name": "CVE-2018-5144",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-74",
        "details": [
            "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nSet-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Johan Carlsson as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1551\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1551\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1551\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1551"
        ],
        "name": "CVE-2024-1551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.2, Thunderbird < 102.2, and Firefox < 104.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developer Nika Layzell and the Mozilla Fuzzing Team, reporting memory safety bugs present in Firefox 103 and Firefox ESR 102.1. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "firefox 102.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38477\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38477\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38477"
        ],
        "name": "CVE-2022-38477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Miklos Szeredi (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15121\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15121"
        ],
        "name": "CVE-2017-15121",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted base64 data that triggers a buffer overflow.",
            "An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input (such as a PEM file) could use this flaw to cause the application to crash. Note: this flaw is not exploitable via the TLS/SSL protocol because the data being transferred is not Base64-encoded."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges David Ramos and Robert Dugal as the original reporters.",
        "upstream_fix": "openssl 1.0.0m, openssl 1.0.1h, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0292\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0292\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0292",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when XRefEntry::setFlag in XRef.h is called from Parser::makeStream in Parser.cc."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20481\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20481"
        ],
        "name": "CVE-2018-20481",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).",
            "It was discovered that the \"setElementTypePrefix()\" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service."
        ],
        "statement": "When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.",
        "upstream_fix": "expat 2.2.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20843\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20843\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"
        ],
        "name": "CVE-2018-20843",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
        ],
        "statement": "This flaw is rated as important because it can easily compromise the confidentiality, integrity, or availability of resources, in that it allows local or authenticated users to gain additional privileges, unauthenticated remote users to view resources that should otherwise be protected by authentication or other controls, authenticated remote users to execute arbitrary code, or remote users to cause a denial of service. However, this flaw is not easily exploitable by a remote unauthenticated attacker.",
        "acknowledgement": "This issue was discovered by Siddharth Sharma (Red Hat Product Security).",
        "upstream_fix": "systemd 240",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2526\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2526"
        ],
        "name": "CVE-2022-2526",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges ca0nguyen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1960\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1960\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-23.html"
        ],
        "name": "CVE-2016-1960",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c.",
            "Multiple flaws were found in the way OpenSSL parsed X.509 certificates. An attacker could use these flaws to modify an X.509 certificate to produce a certificate with a different fingerprint without invalidating its signature, and possibly bypass fingerprint-based blacklisting in applications."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 0.9.8zd, OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8275\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8275\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-8275",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
            "It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "statement": "This issue affects the versions of python-twisted as shipped with Red Hat Satellite 6.x. However, due to the manner in which python-twisted is used, exploitation of this issue would require an attacker to have significant access to the server, or to be able to modify requests from other users via additional vulnerabilities. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1000111\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000111"
        ],
        "name": "CVE-2016-1000111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
            "A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic."
        ],
        "statement": "This issue affects the version of openssl and nss libraries as shipped with Red Hat Enterprise Linux 4, 5, 6 and 7. More information about this flaw is available at: https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c4 and https://bugzilla.redhat.com/show_bug.cgi?id=1223211#c5.\nRed Hat Enterprise Linux 4 is in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 4.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4000\nhttps://access.redhat.com/articles/1456263\nhttps://weakdh.org/"
        ],
        "csaw": true,
        "name": "CVE-2015-4000"
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.",
            "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1737\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1737"
        ],
        "name": "CVE-2014-1737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Various out-of-bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash programs using the opensc library."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16427\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16427\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16427",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest.",
            "A flaw was found in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "upstream_fix": "kernel 4.17-rc3, kernel 4.17-rc1, kernel 4.16-rc7, kernel 4.16, kernel 4.17-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1087\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1087\nhttps://access.redhat.com/security/vulnerabilities/pop_ss"
        ],
        "csaw": true,
        "name": "CVE-2018-1087"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.",
            "It was found that curl and libcurl might send their Authentication header to a third party HTTP server upon receiving an HTTP REDIRECT reply. This could leak authentication token to external entities."
        ],
        "statement": "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5, 6, and 7, as well as the versions of httpd24-curl as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Craig de Stigter as the original reporter.",
        "upstream_fix": "curl 7.58.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000007\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000007\nhttps://curl.haxx.se/docs/adv_2018-b3bf.html"
        ],
        "name": "CVE-2018-1000007",
        "mitigation": {
            "value": "By default, curl and libcurl will not follow redirect requests.\nThis flaw happens only when curl or libcurl are explicitly requested to follow redirects (option --location in curl, and CURLOPT_FOLLOWLOCATION in libcurl).\nTo mitigate this, it is possible to prevent the automated following of redirects, replacing it by manual redirects (and remove the authentication header), for example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1548\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1548\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1548\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1548"
        ],
        "name": "CVE-2024-1548",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because Only local users with privileges to access the sock_dgram Bluetooth socket can trigger this issue.",
        "acknowledgement": "Red Hat would like to thank Likang Luo (NSFOCUS Security Team) for reporting this issue.",
        "upstream_fix": "kernel 5.15.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3752\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3752\nhttps://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/\nhttps://www.openwall.com/lists/oss-security/2021/09/15/4"
        ],
        "name": "CVE-2021-3752",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7188\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7188\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-122.html"
        ],
        "name": "CVE-2015-7188",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid subkey, but the RNP library rejects it from being used, causing encryption to fail. This vulnerability affects Thunderbird < 78.9.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Neal Walfield as the original reporter.",
        "upstream_fix": "thunderbird 78.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23993\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23993"
        ],
        "name": "CVE-2021-23993",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.",
            "It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5 as they lack support for sysenter instruction emulation.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.\nPlease note that the Red Hat Enterprise Linux with KVM certified guest operating\nsystems do initialize the SYSENTER MSRs and are thus not vulnerable to\nthis issue when running on KVM hypervisor.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0239\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0239"
        ],
        "name": "CVE-2015-0239",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-326",
        "details": [
            "In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn specific HSTS configurations an attacker could have bypassed HSTS on a subdomain."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0753\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0753\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0753\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0753"
        ],
        "name": "CVE-2024-0753",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries."
        ],
        "acknowledgement": "Red Hat would like to thank Andrea Palazzo (Truel IT) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4806\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4806\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4654\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4654"
        ],
        "name": "CVE-2014-4654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.",
            "A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4171"
        ],
        "name": "CVE-2014-4171",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3894\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3894\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3894",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "This issue was discovered by Mark Gray (Red Hat) and Sabrina Dubroca (Red Hat).",
        "upstream_fix": "Linux kernel 5.9-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25645\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25645"
        ],
        "name": "CVE-2020-25645",
        "mitigation": {
            "value": "A possible workaround for this flaw is to configure IPsec for all traffic between the endpoints, instead of specifically for the UDP port used by the GENEVE tunnels. If GENEVE tunnels are not used, this flaw will not be triggered. In that case, it is possible to disable those tunnels, by unloading the \"geneve\" kernel module and blacklisting it (See https://access.redhat.com/solutions/41278 for a\nguide on how to blacklist modules).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2816"
        ],
        "name": "CVE-2019-2816",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.",
            "A memory leak was discovered in the systemd-login when a power-switch event is received. A physical attacker may trigger one of these events and leak bytes due to a missing free."
        ],
        "statement": "The version of systemd delivered in OpenShift Container Platform 4.1 and included in CoreOS images has been superseded by the version delivered in Red Hat Enterprise Linux 8. CoreOS updates for systemd in will be consumed from Red Hat Enterprise Linux 8 channels.",
        "upstream_fix": "systemd 243",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20386\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20386"
        ],
        "name": "CVE-2019-20386",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10274\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10274"
        ],
        "name": "CVE-2017-10274",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10193\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10193"
        ],
        "name": "CVE-2017-10193",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An integer overflow in \"createImageBitmap()\" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the \"createImageBitmap\" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.",
            "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5428\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5428\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428"
        ],
        "name": "CVE-2017-5428",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.",
            "A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6214\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6214"
        ],
        "name": "CVE-2017-6214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9278\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9278"
        ],
        "name": "CVE-2019-9278",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21939\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21939"
        ],
        "name": "CVE-2023-21939",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.",
            "A flaw was found in the way glusterfs server handles client requests. A remote, authenticated attacker could set arbitrary values for the GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file operation resulting in creation and deletion of arbitrary files on glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14654\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14654"
        ],
        "name": "CVE-2018-14654",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
            "It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7141\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7141\nhttps://curl.haxx.se/docs/adv_20160907.html"
        ],
        "name": "CVE-2016-7141",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4181\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4181"
        ],
        "name": "CVE-2018-4181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-200",
        "details": [
            "fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.",
            "A flaw was found in the Linux kernel's implementation of ext4 extent management. The kernel doesn't correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem."
        ],
        "statement": "This is a possible information leak of data that existed in the extent tree blocks.  While the attacker does not have control of what exists in the blocks prior to this point they may be able to glean confidential information or possibly information that could be used to further another attack.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11833\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11833"
        ],
        "name": "CVE-2019-11833",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-784",
        "details": [
            "When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marco Squarcina as the original reporter.",
        "upstream_fix": "thunderbird 102.14, thunderbird 115.1, firefox 115.1, firefox 102.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4055\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4055\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4055"
        ],
        "name": "CVE-2023-4055",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1320",
        "details": [
            "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.",
            "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having Moderate impact.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2319\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2319"
        ],
        "name": "CVE-2022-2319",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"",
            "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having Important security impact. Updates for each affected version are in progress and will be released as soon as possible.\nShipping versions of Fedora are affected and Fedora is aware of this flaw.\nFor additional information about this flaw, please see https://access.redhat.com/security/vulnerabilities/2706661",
        "acknowledgement": "Red Hat would like to thank Phil Oester for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5195\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5195"
        ],
        "csaw": true,
        "name": "CVE-2016-5195",
        "mitigation": {
            "value": "Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",
            "A vulnerability was found in the Linux kernel's generic WiFi ESSID handling implementation. The flaw allows a system to join a wireless network where the ESSID is longer than the maximum length of 32 characters, which can cause the system to crash or execute code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17133"
        ],
        "name": "CVE-2019-17133",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.",
            "The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR."
        ],
        "upstream_fix": "kernel 4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14140\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14140"
        ],
        "name": "CVE-2017-14140",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.",
            "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad."
        ],
        "statement": "The described vulnerability in the iconv() function of GNU C Library, particularly affecting ISO-2022-CN-EXT character set conversions, poses a important severity issue due to its potential for out-of-bound writes. Such buffer overflows can lead to arbitrary memory corruption, which can be exploited by attackers to execute arbitrary code, crash applications, or overwrite critical data structures, including neighboring variables. Given that the overflow can occur with specific, predictable values through SS2designation and SS3designation escape sequences, an attacker could craft malicious input to specifically trigger these overflows. Exploitation of this vulnerability could result in denial of service, privilege escalation, or even remote code execution, posing a significant threat to the security and integrity of affected systems.",
        "acknowledgement": "Red Hat would like to thank Charles Fol for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2961\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2961\nhttps://www.openwall.com/lists/oss-security/2024/04/17/9"
        ],
        "name": "CVE-2024-2961",
        "mitigation": {
            "value": "This issue can be mitigated by removing the ISO-2022-CN-EXT from glibc-gconv-extra's modules configuration. This can be done by:\n1) Verify if the module is loaded by running:\n~~~\n$ iconv -l | grep -E 'CN-?EXT'\nISO-2022-CN-EXT//\nISO2022CNEXT//\n~~~\nIf the grep output looks like the above, ISO-2022-CN-EXT module is enabled.\n2) Disabled the module by editing the file located at /usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf and comment the following lines. For RHEL 7 the file that needs to be edited is /usr/lib64/gconv/gconv-modules. This step requires to be executed by a privileged user:\n~~~\n#       from                    to                      module          cost\nalias   ISO2022CNEXT//          ISO-2022-CN-EXT//\nmodule  ISO-2022-CN-EXT//       INTERNAL                ISO-2022-CN-EXT 1\nmodule  INTERNAL                ISO-2022-CN-EXT//       ISO-2022-CN-EXT 1\n~~~\nFor commenting those lines just add the '#' character at the beginning of mentioned lines:\n~~~\n#       from                    to                      module          cost\n#alias  ISO2022CNEXT//          ISO-2022-CN-EXT//\n#module ISO-2022-CN-EXT//       INTERNAL                ISO-2022-CN-EXT 1\n#module INTERNAL                ISO-2022-CN-EXT//       ISO-2022-CN-EXT 1\n~~~\n3) Update the iconv cache by running:\n~~~\nsudo iconvconfig\n~~~\n4) Check if the module was disabled by running the first step again. This time  ISO-2022-CN-EXT should not appear in the output.\nPlease notice that disabling the mentioned gconv module may lead applications relying in the affected module to fail in converting characters and should be used as a temporary mitigation before being able to fully update the affected package.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate.",
            "It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record."
        ],
        "statement": "The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2653"
        ],
        "name": "CVE-2014-2653",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.10, firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31737\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31737\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737"
        ],
        "name": "CVE-2022-31737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Theriault as the original reporter.",
        "upstream_fix": "thunderbird 78, firefox 78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12424\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12424\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424"
        ],
        "name": "CVE-2020-12424",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1321",
        "details": [
            "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThunderbird users who use the Matrix chat protocol were vulnerable to a denial-of-service attack."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matrix Security Team as the original reporter.",
        "upstream_fix": "thunderbird 102.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-28427\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28427\nhttps://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr\nhttps://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-12/#CVE-2023-28427"
        ],
        "name": "CVE-2023-28427",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21954\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21954"
        ],
        "name": "CVE-2023-21954",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) by retransmitting Fast BSS Transition (FT) Reassociation Requests."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13082\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13082\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13082",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation."
        ],
        "upstream_fix": "freetype 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9382\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9382"
        ],
        "name": "CVE-2015-9382",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2663\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2663"
        ],
        "name": "CVE-2018-2663",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash)."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 8 because we don't ship openldap-servers subpackage with the Red Hat Enterprise Linux 8  (it is only present in the buildroot).",
        "upstream_fix": "openldap 2.4.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12243\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12243"
        ],
        "name": "CVE-2020-12243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.",
            "It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.4.1, samba 4.3.7, samba 4.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2113\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2113\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2113",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-693",
        "details": [
            "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to enable escalation of privilege via local access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46329\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46329\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-46329",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access.",
            "An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8778\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8778"
        ],
        "name": "CVE-2015-8778",
        "mitigation": {
            "value": "Do not use any applications which call hcreate or hcreate_r with a large size argument.\nThese functions are used only rarely, and most callers supply a constant argument.  Other applications calculate the size argument in such a way that the error condition cannot be triggered.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17042\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17042"
        ],
        "name": "CVE-2019-17042",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12264\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12264"
        ],
        "name": "CVE-2018-12264",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerri Rice as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5410\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410"
        ],
        "name": "CVE-2017-5410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-31T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.",
            "A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack."
        ],
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE Security Team) for reporting this issue.",
        "upstream_fix": "pesign 116",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3560\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3560"
        ],
        "name": "CVE-2022-3560",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.",
            "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult."
        ],
        "statement": "This is a glibc-side mitigation. For a related kernel mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000364 .",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000366\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000366\nhttps://access.redhat.com/security/vulnerabilities/stackguard\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000366"
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",
            "An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled."
        ],
        "statement": "Upstream has released additional information about this flaw. Details available at: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tobias Klein as the original reporter.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8617\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8617\nhttps://kb.isc.org/docs/cve-2020-8617"
        ],
        "name": "CVE-2020-8617",
        "mitigation": {
            "value": "BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. Upstream recommends using random value in session-keyname as a workaround. This can be added to named.conf configuration file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.",
            "A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enteprise MRG 2. Future kernel and kernel-rt updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2666\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2666"
        ],
        "name": "CVE-2015-2666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2601\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.",
            "A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6 because we do not provide support for Transactional Memory on Power PC architecture.\nThis issue does not affect Red Hat Enterprise MRG 2 because we do not support Power PC architecture.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2673"
        ],
        "name": "CVE-2014-2673",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "nscd: Stack-based buffer overflow in netgroup cache\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow.  This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
            "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity."
        ],
        "statement": "This stack-based buffer overflow vulnerability in nscd presents a important severity issue due to its potential to be exploited by malicious actors to execute arbitrary code or cause denial-of-service (DoS) conditions. By carefully crafting input data, an attacker could manipulate the program's control flow, leading to unintended behavior such as executing arbitrary commands, escalating privileges, or crashing the application. Since the overflow occurs in a critical system component responsible for caching name service data, exploitation could have far-reaching consequences, including unauthorized access to sensitive information or disruption of essential services.\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-33599\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33599"
        ],
        "name": "CVE-2024-33599",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
            "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. A user/process could use this flaw to crash the guest VM resulting in a denial of service issue or, potentially, gain privileged access to a system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6974\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6974"
        ],
        "name": "CVE-2019-6974",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86."
        ],
        "statement": "Fuse 6.3 and 7 standalone distributions ship but do not use tomcat, and as such are not affected by this flaw; however, Fuse Integration Services 2.0 and Fuse 7 on OpenShift provide the affected artifacts via their respective maven repositories, and will provide fixes for this issue in a future release.",
        "upstream_fix": "tomcat 8.0.52, tomcat 8.5.31, tomcat 9.0.8, tomcat 7.0.88",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1336\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1336"
        ],
        "name": "CVE-2018-1336",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the \"redir_stack\" issue.",
            "It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code."
        ],
        "statement": "A patch for this issue was applied to the bash packages in Red Hat Enterprise Linux via RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312. The errata do not mention the CVE in the description, as the CVE was only assigned after those updates were released.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7186"
        ],
        "name": "CVE-2014-7186",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp allows remote attackers to cause a denial of service (invalid memory access) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8977\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8977"
        ],
        "name": "CVE-2018-8977",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-190->CWE-122",
        "details": [
            "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.",
            "It was discovered that systemd-network does not correctly keep track of a buffer size when constructing DHCPv6 packets. This flaw may lead to an integer underflow that can be used to produce an heap-based buffer overflow. A malicious host on the same network segment as the victim's one may advertise itself as a DHCPv6 server and exploit this flaw to cause a Denial of Service or potentially gain code execution on the victim's machine."
        ],
        "statement": "This issue affects the versions of systemd-networkd as shipped with Red Hat Enterprise Linux 7, however the package is available only through the unsupported Optional repository and it cannot be exploited unless the interface is explicitly configured to use DHCP.\nThis issue affects the versions of NetworkManager as shipped with Red Hat Enterprise Linux 7 because the package includes some parts of the systemd-networkd code, which present the same vulnerability. NetworkManager is vulnerable to this flaw only when configured to use the internal DHCP, which is not the default. However, when it is, the flaw may be triggered by a connection where either ipv6.method is set to dhcp or it is set to auto, which is the default value.",
        "acknowledgement": "Red Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15688\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15688"
        ],
        "name": "CVE-2018-15688",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
            "A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution."
        ],
        "statement": "This flaw is rated as having Moderate impact considering the ability of an attacker to perform arbitrary code execution is limited to cases where a web browser is involved. Red Hat expects customers to not feed untrusted input into WebKit.",
        "upstream_fix": "webkitgtk 2.32.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30858\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30858\nhttps://webkitgtk.org/security/WSA-2021-0005.html\nhttps://www.openwall.com/lists/oss-security/2021/09/20/1"
        ],
        "name": "CVE-2021-30858",
        "mitigation": {
            "value": "This flaw can be mitigated by either disabling JavaScript or by disabling IndexedDB",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as: An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.\n*This bug only affects Firefox for Linux. Other operating systems are unaffected.*"
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nika Layzell as the original reporter.",
        "upstream_fix": "thunderbird 102.6, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46872\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46872\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872"
        ],
        "name": "CVE-2022-46872",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process.",
            "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10927\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10927"
        ],
        "name": "CVE-2018-10927",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3289\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3289"
        ],
        "name": "CVE-2017-3289",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer underflow or overflow, and application crash) via an ELF file with a corrupt DWARF FORM block, as demonstrated by nm.",
            "An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7569\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7569"
        ],
        "name": "CVE-2018-7569",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-25T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable.",
            "An integer overflow flaw was found in the Linux kernel's create_elf_tables() function.  An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw.\nSystems with less than 32GB of memory are very unlikely to be affected by this issue due to memory demands during exploitation.\nThis issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14634\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14634\nhttps://access.redhat.com/security/vulnerabilities/mutagen-astronomy\nhttps://www.openwall.com/lists/oss-security/2018/09/25/4"
        ],
        "name": "CVE-2018-14634",
        "mitigation": {
            "value": "To mitigate the issue:\nEnable and install kernel-debuginfo packages as per https://access.redhat.com/solutions/666123\n1) On the host, save the following in a file with the \".stp\" extension:\n// CVE-2018-14634\n//\n// Theory of operations: adjust the thread's # rlimit-in-effect around\n// calls to the vulnerable get_arg_page() function so as to encompass\n// the newly required _STK_LIM / 4 * 3 maximum.\n// Complication: the rlimit is stored in a current-> structure that\n// is shared across the threads of the process.  They may concurrently\n// invoke this operation.\nfunction clamp_stack_rlim_cur:long ()\n%{\nstruct rlimit *rlim = current->signal->rlim;\nunsigned long rlim_cur = READ_ONCE(rlim[RLIMIT_STACK].rlim_cur);\nunsigned long limit = _STK_LIM / 4 * 3;\nlimit *= 4; // multiply it back up, to the scale used by rlim_cur\nif (rlim_cur > limit) {\nWRITE_ONCE(rlim[RLIMIT_STACK].rlim_cur, limit);\nSTAP_RETURN(limit);\n} else\nSTAP_RETURN(0);\n%}\nprobe kernel.function(\"copy_strings\").call\n{\nl = clamp_stack_rlim_cur()\nif (l)\nprintf(\"lowered process %s(%d) STACK rlim_cur to %p\\n\",\nexecname(), pid(), l)\n}\nprobe begin {\nprintf(\"CVE-2018-14634 mitigation loaded\\n\")\n}\nprobe end {\nprintf(\"CVE-2018-14634 mitigation unloaded\\n\")\n}\n2) Install the \"systemtap\" package and any required dependencies. Refer\nto the \"2. Using SystemTap\" chapter in the Red Hat Enterprise Linux\n\"SystemTap Beginners Guide\" document, available from docs.redhat.com,\nfor information on installing the required -debuginfo and matching kernel-devel packages\n3) Run the \"stap -g [filename-from-step-1].stp\" command as root.\nIf the host is rebooted, the changes will be lost and the script must be\nrun again.\nAlternatively, build the systemtap script on a development system with\n\"stap -g -p 4 [filename-from-step-1].stp\", distribute the resulting\nkernel module to all affected systems, and run \"staprun -L <module>\" on those.\nWhen using this approach only systemtap-runtime package is required on\nthe affected systems. Please notice that the kernel version must be the same\nacross all systems.\nThis may not be a suitable workaround if your application uses massive amounts of stack space. Please consider this if there are any adverse effects when running this mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcin 'Icewall' Noga (Cisco Talos) as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12405\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405"
        ],
        "name": "CVE-2020-12405",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).",
            "A use-after-free flaw exists in WebKitGTK. This flaw allows remote attackers to execute arbitrary code or cause a denial of service."
        ],
        "upstream_fix": "webkitgtk 2.28.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11793\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11793\nhttps://webkitgtk.org/security/WSA-2020-0004.html"
        ],
        "name": "CVE-2020-11793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.",
            "A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7  and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6526\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6526"
        ],
        "name": "CVE-2015-6526",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
            "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file."
        ],
        "upstream_fix": "Kernel 6.4-rc6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1118\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1118"
        ],
        "name": "CVE-2018-1118",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference).",
            "A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and 6 and kernel-alt.\nThis issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by ChunYu Wang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15116"
        ],
        "name": "CVE-2017-15116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nFirefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6858\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6858\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858"
        ],
        "name": "CVE-2023-6858",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue."
        ],
        "upstream_fix": "tomcat 9.0.9, tomcat 7.0.89, tomcat 8.5.32, tomcat 8.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8014\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8014\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.53\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.32\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.9"
        ],
        "name": "CVE-2018-8014",
        "mitigation": {
            "value": "When using the CORS filter, it is recommended to configure it explicitly for your environment. In particular, the combination of `cors.allowed.origins = *` and `cors.support.credentials = True` should be avoided as this can leave your application vulnerable to cross-site scripting (XSS). For details on configuring CORS filter, please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-203",
        "details": [
            "When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message might show the security status of message B."
        ],
        "upstream_fix": "thunderbird 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1520\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1520"
        ],
        "name": "CVE-2022-1520",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-11-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.",
            "It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8172\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8172"
        ],
        "name": "CVE-2014-8172",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 prior to 7.5 as they did not include the vulnerable code.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17282\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17282"
        ],
        "name": "CVE-2018-17282",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.",
            "It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2143\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2143"
        ],
        "name": "CVE-2016-2143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8559"
        ],
        "name": "CVE-2019-8559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-09-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253",
        "details": [
            "The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.",
            "A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7796"
        ],
        "name": "CVE-2016-7796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",
            "An information leakage issue was found in the way Linux kernel's KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand. It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host's stack memory contents to a guest."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nNote: Impact on the Red Hat Enterprise Linux 7 kernel is limited, as it requires that the nested virtualization feature is enabled on a system. The nested virtualization feature is available only as a Technology Preview.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7222\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7222"
        ],
        "name": "CVE-2019-7222",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8610\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8610\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8610",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-192",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21619\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21619"
        ],
        "name": "CVE-2022-21619",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-665->CWE-335",
        "details": [
            "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.",
            "Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts of CPU and RAM."
        ],
        "acknowledgement": "Red Hat would like to thank the Python Security Response Team for reporting this issue.",
        "upstream_fix": "python 3.7.1, python 3.6.7, python 2.7.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14647\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14647\nhttps://bugs.python.org/issue34623"
        ],
        "name": "CVE-2018-14647",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
            "A use-after-free flaw was found in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component that can be exploited to achieve local privilege escalation. If a class with a link-sharing curve, for example, with the HFSC_FSC flag set, has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4623\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4623\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f"
        ],
        "name": "CVE-2023-4623",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module sch_hfsc from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.",
            "A flaw was found in freerdp in versions before 2.0.0-rc4. An out-of-bounds write of up to 4 bytes in the nsc_rle_decode() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8788\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8788"
        ],
        "name": "CVE-2018-8788",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.7, firefox 91.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26384\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26384\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384"
        ],
        "name": "CVE-2022-26384",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-788",
        "details": [
            "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.",
            "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "acknowledgement": "Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0229\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0229"
        ],
        "name": "CVE-2024-0229",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "WebExtension scripts can use the \"data:\" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5386\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386"
        ],
        "name": "CVE-2017-5386",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts).",
            "A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5548\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5548"
        ],
        "name": "CVE-2016-5548",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-09T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120->CWE-131->CWE-787",
        "details": [
            "A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem in how a user changes certain kernel parameters and variables. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "statement": "To trigger this issue, the user needs some privileges (for example, access to the sysctl files), but usually less than root or CAP_NET_ADMIN.",
        "upstream_fix": "kernel 6.0.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4378\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4378\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-avoid-integer-type-confusion-in-get_proc_long.patch\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-6.0/proc-proc_skip_spaces-shouldn-t-think-it-is-working-on-c-strings.patch\nhttps://seclists.org/oss-sec/2022/q4/178"
        ],
        "name": "CVE-2022-4378",
        "mitigation": {
            "value": "A possible workaround is preventing regular users from accessing sysctl files (such as /proc/sys/net/ipv4/tcp_rmem and similar), and also preventing a user from increasing privileges with commands such as \"unshare -rn\" (which allows obtaining the net namespace privileges required to access /proc/sys/net/ipv4/tcp_rmem).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.",
            "A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)\nIt was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)\nNote: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Matthew Daley for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1738\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1738"
        ],
        "name": "CVE-2014-1738",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.",
            "An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0636"
        ],
        "name": "CVE-2016-0636",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5472\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5472"
        ],
        "name": "CVE-2014-5472",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1."
        ],
        "upstream_fix": "Thunderbird 60.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11705\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11705\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-17/"
        ],
        "name": "CVE-2019-11705",
        "mitigation": {
            "value": "Thunderbird can be configured to use icaljs instead of libical by setting `calendar.icaljs = true` in preferences, mitigating this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of \"0xffff\" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.",
            "An out-of-bounds read flaw was found in the way glibc's iconv() function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv() function with a specially crafted argument could use this flaw to crash that application."
        ],
        "statement": "This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6040\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6040"
        ],
        "name": "CVE-2014-6040",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",
            "A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens."
        ],
        "statement": "Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin; however, the product is not affected as it uses the logback framework for logging.\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package; however, JDBCAppender is not used. Therefore the impact of this vulnerability for these products is rated Low.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23305\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23305\nhttps://www.openwall.com/lists/oss-security/2022/01/18/4"
        ],
        "name": "CVE-2022-23305",
        "mitigation": {
            "value": "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JDBCAppender in the Log4j configuration if it is used\n- Remove the JDBCAppender class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/jdbc/JDBCAppender.class\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters",
            "A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be influenced by values in the certificate, which may be attacker controlled. In the most extreme case, an attacker could gain control of the admin account, leading to full domain takeover."
        ],
        "statement": "The issue was introduced in SSSD 1.15.3 (when libsss_certmap was introduced) and resolved in SSSD 2.3.1. It only affects versions of SSSD shipped with RHEL-8.2.0.z and lower streams. Later versions are not affected. \nFreeIPA is not vulnerable in its default configuration.",
        "upstream_fix": "sssd 2.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4254\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4254"
        ],
        "name": "CVE-2022-4254",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "chromium-browser 70.0.3538.67",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17466\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17466\nhttps://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2018-17466",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\n`AppendEncodedAttributeValue()`, `ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2608\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2608\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2608\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2608"
        ],
        "name": "CVE-2024-2608",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.10, firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31747\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747"
        ],
        "name": "CVE-2022-31747",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.",
            "Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6306\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6306\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6306",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2822\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2822\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-52.html"
        ],
        "name": "CVE-2016-2822",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore.",
            "A flaw was found in the Linux kernel’s implementation of the Linux SCSI target host, where an authenticated attacker could write to any block on the exported SCSI device backing store. This flaw allows an authenticated attacker to send LIO block requests to the Linux system to overwrite data on the backing store. The highest threat from this vulnerability is to integrity. In addition, this flaw affects the tcmu-runner package, where the affected SCSI command is called."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-28374\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28374"
        ],
        "name": "CVE-2020-28374",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-90->CWE-476",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5729\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5729"
        ],
        "name": "CVE-2018-5729",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2794\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2794",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.",
            "An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.",
        "upstream_fix": "389-ds-base 1.3.5.17, 389-ds-base 1.3.6.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2668\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2668"
        ],
        "name": "CVE-2017-2668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-125",
        "details": [
            "The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9657\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9657"
        ],
        "name": "CVE-2014-9657",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5261\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5261\nhttps://www.mozilla.org/security/advisories/mfsa2016-75/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5261",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c.",
            "A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash."
        ],
        "statement": "This issue does not affect the version of openssl097a as shipped with Red Hat Enterprise Linux 5. This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 0.9.8zd, OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3571\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3571\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3571",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7828\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7828\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828"
        ],
        "name": "CVE-2017-7828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.",
            "A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions."
        ],
        "statement": "Red Hat Enterprise Linux 5 ships with both bind (9.3) packages which are not affected by this issue, and bind97 packages, which are affected by this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. This issue is not currently planned to be addressed in future bind97 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.9.7, BIND 9.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1349\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1349\nhttps://kb.isc.org/article/AA-01235/0/CVE-2015-1349%3A-A-Problem-with-Trust-Anchor-Management-Can-Cause-named-to-Crash.html"
        ],
        "name": "CVE-2015-1349",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.",
            "A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process."
        ],
        "acknowledgement": "Red Hat would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11806\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11806"
        ],
        "name": "CVE-2018-11806",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Red Hat Enterprise Linux 5 and 6 are not affected by this issue as they shipped an older version of `libvirt` which did not include the vulnerable code. This flaw affects versions of the `libvirt` package as shipped with Red Hat Enterprise Linux 7 and 8 as well as Red Hat Enterprise Linux Advanced Virtualization 8. Future `libvirt` package updates for these products may address this issue.",
        "acknowledgement": "Red Hat would like to thank Ilja Van Sprundel (IOActive) for reporting this issue.",
        "upstream_fix": "libvirt 6.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25637\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25637"
        ],
        "name": "CVE-2020-25637",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account."
        ],
        "upstream_fix": "mailman 2.1.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6893\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6893"
        ],
        "name": "CVE-2016-6893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 3.5.15, squid 4.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2569\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2569",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.",
            "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
        ],
        "statement": "This issue affects the version of the kvm and xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and maintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Ben Serebrin (Google Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5307\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5307"
        ],
        "name": "CVE-2015-5307",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the \"Bar Mitzvah\" issue."
        ],
        "statement": "This flaw is related to the design of the RC4 protocol and not its implementation. Therefore there are no plans to correct this issue in Red Hat Enterprise Linux 5, 6 and 7. Future updates may disable the use of RC4 in various components.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2808\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2808\nhttp://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf"
        ],
        "name": "CVE-2015-2808",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
            "An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-31436\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31436\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3037933448f60f9acb705997eae62013ecb81e0d"
        ],
        "name": "CVE-2023-31436",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module, sch_qfq from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g."
        ],
        "statement": "This flaw only exhibits itself when:\n1. OpenSSL is used to display details of a local or a remote certificate.\n2. The certificate contains the uncommon RFC 3779 IPAddressFamily extension.\nThe maximum impact of this flaw is garbled information being displayed, there is no impact on the availability of service using such a certificate. Also this flaw can NOT be used to create specially-crafted certificates. Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssl 1.0.2m, openssl 1.1.0g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3735\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3735\nhttps://www.openssl.org/news/secadv/20170828.txt"
        ],
        "name": "CVE-2017-3735",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15862\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15862"
        ],
        "name": "CVE-2018-15862",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "upstream_fix": "firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17008\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17008\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008"
        ],
        "name": "CVE-2019-17008",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Vadim as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23599\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23599\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599"
        ],
        "name": "CVE-2023-23599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.",
            "A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application."
        ],
        "statement": "This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "libxml2 2.9.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14404\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14404"
        ],
        "name": "CVE-2018-14404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1173->CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21341\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21341"
        ],
        "name": "CVE-2022-21341",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8813\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8813",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5730\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5730"
        ],
        "name": "CVE-2018-5730",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-331->CWE-200",
        "details": [
            "In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.",
            "A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe a weak IP ID generation in this field to track Linux devices."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10638\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10638\nhttps://arxiv.org/pdf/1906.10478.pdf"
        ],
        "name": "CVE-2019-10638",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-703",
        "details": [
            "nscd: netgroup cache may terminate daemon on memory allocation failure\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients.  The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
            "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure."
        ],
        "statement": "The flaw in the glibc netgroup cache, while concerning, is categorized as a low severity issue due to several factors. Firstly, the exploitation of this vulnerability requires specific conditions, such as a memory allocation failure within the netgroup cache, which may not occur frequently in typical usage scenarios. Additionally, the impact of such failures is limited to the termination of the affected process, rather than facilitating unauthorized access or data manipulation. Furthermore, the likelihood of successful exploitation and the potential for widespread harm are comparatively low, given the specific nature of the vulnerability and its constrained impact.\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-33601\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33601"
        ],
        "name": "CVE-2024-33601",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).",
            "It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3539\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3539\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3539",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2h, openssl 1.0.1t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2105\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2105\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2105",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a \"CacheBleed\" attack.",
            "A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to recover RSA private keys."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Genkin (Technion and Tel Aviv University), Nadia Heninger (University of Pennsylvania), and Yuval Yarom (University of Adelaide and NICTA) as the original reporters.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0702\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0702\nhttp://cachebleed.info/\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0702",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4489\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4489\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4489",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8814\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8814\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8814",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
            "The Linux kernel is vulnerable to a use-after-free flaw when the Transformation User configuration interface (CONFIG_XFRM_USER) compile-time configuration is enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. A user/process could abuse this flaw to potentially escalate their privileges on a system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16939\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16939"
        ],
        "name": "CVE-2017-16939",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.",
            "It was found that libreoffice was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."
        ],
        "acknowledgement": "Red Hat would like to thank The LibreOffice project for reporting this issue. Upstream acknowledges Alex Inführ as the original reporter.",
        "upstream_fix": "libreoffice 6.1.3, libreoffice 6.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16858\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16858\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"
        ],
        "name": "CVE-2018-16858",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.",
            "A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.",
        "upstream_fix": "nss 3.19.4, nss 3.19.2.1, nss 3.20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7182\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7182\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7182",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in slapi-nis. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This vulnerability affects Directory Server with the Schema Compatibility plugin \"slapi-nis\". To verify if an instance is configured with Schema Compatibility: \n$ ldapsearch -b 'cn=Schema Compatibility,cn=plugins,cn=config' -s base\nRed Hat Identity Management is affected by this flaw.",
        "acknowledgement": "Red Hat would like to thank Alexander Bokovoy for reporting this issue.",
        "upstream_fix": "slapi-nis 0.56.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3480\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3480"
        ],
        "name": "CVE-2021-3480",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.",
            "It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
        ],
        "statement": "Applying the fix provided to mitigate this issue may cause Tomcat to return 400 status after updating. For more information, refer to https://access.redhat.com/solutions/2891171",
        "upstream_fix": "tomcat 6.0.48, tomcat 7.0.73, tomcat 8.5.8, tomcat 8.0.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6816\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6816\nhttps://access.redhat.com/articles/2991951\nhttps://access.redhat.com/solutions/2891171\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
        ],
        "name": "CVE-2016-6816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "statement": "This did not affect openssl packages in Red Hat Enterprise Linux 5 (based on upstream 0.9.8e) and openssl 1.0.0 packages in Red Hat Enterprise Linux 6 (i.e. packages released before RHBA-2013:1585, which rebased openssl from 1.0.0 to 1.0.1e).  The issue was introduced upstream in versions 0.9.8o and 1.0.0a.",
        "upstream_fix": "openssl 0.9.8zb, openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3507\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3507\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3507",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.",
            "It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Ondrej Kozina (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7042\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7042"
        ],
        "name": "CVE-2016-7042",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12363\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12363\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12363"
        ],
        "name": "CVE-2018-12363",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14803\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14803"
        ],
        "name": "CVE-2020-14803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.",
            "A vulnerability was found in hiddev_open in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddev_list cleanup occurs at failure, as this may lead to a use-after-free problem, or possibly escalate privileges to an unauthorized user."
        ],
        "statement": "This issue is rated as Moderate because of the need of physical access to the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19527\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19527"
        ],
        "name": "CVE-2019-19527",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-306",
        "details": [
            "firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.",
            "A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper with or change firewall settings."
        ],
        "upstream_fix": "firewalld 0.4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5410\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5410"
        ],
        "name": "CVE-2016-5410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen interacting with an HTML input element's file picker dialog with `webkitdirectory` set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38504\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38504"
        ],
        "name": "CVE-2021-38504",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Owen, Bogdan Tara, Boris Zbarsky, Calixte Denizet, Christian Holler, Gary Kwong, Jason Kratzer, Jed Davis, Philipp, Raul Gurzau, Raymond Forbes, Ronald Crane, Taegeon Lee, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12390\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12390\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390"
        ],
        "name": "CVE-2018-12390",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.",
            "A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21885\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21885"
        ],
        "name": "CVE-2024-21885",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0488\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0488",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Herre as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2731\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2731\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-63.html"
        ],
        "name": "CVE-2015-2731",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7749\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7749\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749"
        ],
        "name": "CVE-2017-7749",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12360\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12360\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12360"
        ],
        "name": "CVE-2018-12360",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.",
            "The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17558\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17558"
        ],
        "name": "CVE-2017-17558",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER attribute or an OBJECT tag with a DATA attribute, a network request to the referenced remote URL was performed, regardless of a configuration to block remote content. An image loaded from the POSTER attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targetting releases that did not yet have a fix for CVE-2022-3033 which was reported around three months ago. This vulnerability affects Thunderbird < 102.5.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of a configuration to block remote content, and an image loaded from the poster attribute was shown in the composer window. These issues could have given an attacker additional capabilities when targeting releases that did not yet have a fix for CVE-2022-3033."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sarah Jamie Lewis as the original reporter.",
        "upstream_fix": "thunderbird 102.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45414\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45414\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-50/#CVE-2022-45414"
        ],
        "name": "CVE-2022-45414",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-04T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.",
            "A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system."
        ],
        "statement": "This issue requires access to a DAX enabled storage.\nThis issue affects Red Hat Enterprise Linux 7 kernels starting with kernel-3.10.0-862, that is Red Hat Enterprise Linux 7.5 GA kernel. Red Hat Enterprise Linux 7 kernels prior to that version are not affected as they did not include the functionality that enabled this issue to be exploited.\nRed Hat Product Security is aware of this issue. Updates will be released as they become available.",
        "acknowledgement": "Red Hat would like to thank Fan Yang for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10757\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10757\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5bfea2d9b17f1034a68147a8b03b9789af5700f9\nhttps://www.openwall.com/lists/oss-security/2020/06/04/4"
        ],
        "name": "CVE-2020-10757",
        "mitigation": {
            "value": "Do not use DAX enabled storage.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9077\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9077"
        ],
        "name": "CVE-2017-9077",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.",
            "A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue did not affect the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue requires local system access to be exploited. We are currently not aware of any working exploit for Red Hat Enterprise Linux 6 or Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3153\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3153"
        ],
        "name": "CVE-2014-3153",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.",
            "It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet."
        ],
        "upstream_fix": "tomcat 6.0.47, tomcat 8.5.5, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6796\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-6796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.",
            "A vulnerability was found in the Linux kernel. Payloads of NM entries are not supposed to contain NUL. When such entry is processed, only the part prior to the first NUL goes into the concatenation (i.e. the directory entry name being encoded by a bunch of NM entries).  The process stops when the amount collected so far + the claimed amount in the current NM entry exceed 254. However, the value returned as the total length is the sum of *claimed* sizes, not the actual amount collected. And that's what will be passed to readdir() callback as the name length - 8Kb __copy_to_user() from a buffer allocated by __get_free_page()."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4913\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4913"
        ],
        "name": "CVE-2016-4913",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8688\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8688\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8688",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
            "A security flaw was found in the Linux kernel in the mark_source_chains() function in \"net/ipv4/netfilter/ip_tables.c\". It is possible for a user-supplied \"ipt_entry\" structure to have a large \"next_offset\" field. This field is not bounds checked prior to writing to a counter value at the supplied offset."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This issue is not currently planned to be addressed in future updates, as user namespaces which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3134\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3134"
        ],
        "name": "CVE-2016-3134",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.",
            "A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11176\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11176"
        ],
        "name": "CVE-2017-11176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",
            "A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root."
        ],
        "statement": "This vulnerability exists in the samba server, client side packages are not affected.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7494\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7494\nhttps://www.samba.org/samba/security/CVE-2017-7494.html"
        ],
        "csaw": true,
        "name": "CVE-2017-7494",
        "mitigation": {
            "value": "Any of the following:\n1. SELinux is enabled by default and our default policy prevents loading of modules from outside of samba's module directories and therefore blocks the exploit\n2. Mount the filesystem which is used by samba for its writable share using \"noexec\" option.\n3. Add the parameter:\nnt pipe support = no\nto the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.",
            "A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14868\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14868"
        ],
        "name": "CVE-2019-14868",
        "mitigation": {
            "value": "No known mitigation available.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-06-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.",
            "An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not."
        ],
        "acknowledgement": "This issue was discovered by Martin Basti (Red Hat) and Petr Spacek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4992\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4992\nhttps://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1"
        ],
        "name": "CVE-2016-4992",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2579\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2579"
        ],
        "name": "CVE-2018-2579",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.",
            "A flaw was found in the FreeRDP client where it fails to validate input data when using connections with GDI or SurfaceCommands. This flaw could allow a malicious server sending graphics updates to a client to cause an out of bounds write in client memory using a specially crafted input. The highest threat from this flaw is that it could allow arbitrary code to be executed on the target system."
        ],
        "upstream_fix": "FreeRDP 2.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41160\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41160"
        ],
        "name": "CVE-2021-41160",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5254\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5254\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-70.html"
        ],
        "name": "CVE-2016-5254",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14578\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14578"
        ],
        "name": "CVE-2020-14578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21434\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21434"
        ],
        "name": "CVE-2022-21434",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read."
        ],
        "upstream_fix": "qt 5.15.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-17507\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-17507"
        ],
        "name": "CVE-2020-17507",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the use of 32-bit calculations instead of 64-bit. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18493\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18493\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18493"
        ],
        "name": "CVE-2018-18493",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5439\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5439\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5439"
        ],
        "name": "CVE-2017-5439",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-10T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka \"KNOB\") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.",
            "A flaw was discovered in the Bluetooth protocol.  An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9506\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9506"
        ],
        "name": "CVE-2019-9506",
        "mitigation": {
            "value": "At this time there is no known mitigation if bluetooth hardware is to be continue to be used.   Replacing the hardware with its wired version and disabling bluetooth may be a suitable alternative for some environments.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while re-computing layout for a \"marquee\" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7801\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7801\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7801"
        ],
        "name": "CVE-2017-7801",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2641"
        ],
        "name": "CVE-2018-2641",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8735\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8735\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8735",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.",
            "A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6410\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6410"
        ],
        "name": "CVE-2014-6410",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-24713\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24713"
        ],
        "name": "CVE-2022-24713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Swan and Rob Wu as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12395\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12395\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12395"
        ],
        "name": "CVE-2018-12395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.",
            "A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "linuxptp 3.1.1, linuxptp 1.8.1, linuxptp 1.7.1, linuxptp 1.9.3, linuxptp 1.5.1, linuxptp 1.6.1, linuxptp 2.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3570\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3570"
        ],
        "name": "CVE-2021-3570",
        "mitigation": {
            "value": "Only attackers that can connect to the `ptp4l` service can exploit this vulnerability. If `ptp4l` is bound only to a private network interface, or is protected by firewall rules to block incoming PTP management messages, the attack surface is correspondingly limited. When using the UDP IPv4 or IPv6 network transport, the following tcpdump filter can be used to detect PTP management messages:\n```\n(port 319 or port 320) and udp[8]&0xf=0xd\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.",
            "A use-after-free flaw was found in the acm_probe USB subsystem in the Linux kernel. A race condition occurs when a destroy() procedure is initiated allowing the refcount to decrement on the interface so early that it is never under counted. A malicious USB device is required for exploit. System availability is the largest threat from the vulnerability, however data integrity and confidentiality are also threatened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19530\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19530\nhttp://seclists.org/oss-sec/2019/q4/115\nhttp://www.openwall.com/lists/oss-security/2019/12/03/4\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.10\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c52873e5a1ef72f845526d9f6a50704433f9c625"
        ],
        "name": "CVE-2019-19530",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.",
            "A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected (302) from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker could exploit this flaw to obtain a user's valid credentials."
        ],
        "upstream_fix": "python-requests 2.20.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18074\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18074"
        ],
        "name": "CVE-2018-18074",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11044\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11044"
        ],
        "name": "CVE-2020-11044",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a \"state machine confusion bug.\"",
            "A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is  currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9083\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9083"
        ],
        "name": "CVE-2016-9083",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked."
        ],
        "upstream_fix": "Archive_Tar 1.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-28948\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28948"
        ],
        "name": "CVE-2020-28948",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "glibc 2.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10739\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10739"
        ],
        "name": "CVE-2016-10739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3150\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3150"
        ],
        "name": "CVE-2018-3150",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",
            "A flaw was found in Mozilla's Firefox. A race condition can occur when handling a ReadableStream causing a use-after-free memory issue. The highest threat from this vulnerability are to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso and Javier Marcos as the original reporter.",
        "upstream_fix": "firefox 68.6.1, firefox 74.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6820\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6820\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820"
        ],
        "name": "CVE-2020-6820",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",
            "A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This is a side-channel attack that can be used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Cesar Pereida Garcia and the Network and Information Security Group (NISEC) as the original reporter.",
        "upstream_fix": "nss 3.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12400\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12400\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        ],
        "name": "CVE-2020-12400",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations.",
            "A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2.  A dedicated attacker could possible exhaust all memory and create a denial of service situation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Qian Cai (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9685\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9685"
        ],
        "name": "CVE-2016-9685",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker. The vulnerability is mitigated by the need for the attacker to know the precise file path in the target system, and the need to trick the user into saving the document and sending it back.",
            "It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document."
        ],
        "upstream_fix": "libreoffice 5.1.6, libreoffice 5.2.5, libreoffice 5.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3157\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3157\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/"
        ],
        "name": "CVE-2017-3157",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "The error page for sites with invalid TLS certificates was missing the\nactivation-delay Firefox uses to protect prompts and permission dialogs\nfrom attacks that exploit human response time delays. If a malicious\npage elicited user clicks in precise locations immediately before\nnavigating to a site with a certificate error and made the renderer\nextremely busy at the same time, it could create a gap between when\nthe error page was loaded and when the display actually refreshed.\nWith the right timing the elicited clicks could land in that gap and \nactivate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.12, firefox 102.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-34414\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34414\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34414"
        ],
        "name": "CVE-2023-34414",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.2",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a crafted blkiotune query, which triggers an out-of-bounds read.",
            "An out-of-bounds read flaw was found in the way libvirt's qemuDomainGetBlockIoTune() function looked up the disk index in a non-persistent (live) disk configuration while a persistent disk configuration was being indexed. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to crash libvirtd or, potentially, leak memory from the libvirtd process."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3633\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3633"
        ],
        "name": "CVE-2014-3633",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers Nika Layzell, Timothy Nikkel, Jeff Muizelaar, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team reporting memory safety bugs present in Firefox 104 and Firefox ESR 102.2. Some of these bugs showed evidence of memory corruption and the presumption that with enough effort, some have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40962\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40962\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40962"
        ],
        "name": "CVE-2022-40962",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-807",
        "details": [
            "Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.",
            "A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000367\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000367\nhttps://access.redhat.com/security/vulnerabilities/3059071\nhttps://www.sudo.ws/alerts/linux_tty.html"
        ],
        "name": "CVE-2017-1000367",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.",
            "It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and MRG-2. Future Linux kernel updates for the respective releases might address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4312\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4312"
        ],
        "name": "CVE-2013-4312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.",
            "A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share."
        ],
        "statement": "This issue affects the version of samba shipped with Red Hat Gluster Storage 3, as it contains the vulnerable functionality.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann for reporting this issue.",
        "upstream_fix": "samba 4.8.11, samba 4.9.6, samba 4.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3880\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3880\nhttps://www.samba.org/samba/security/CVE-2019-3880.html"
        ],
        "name": "CVE-2019-3880",
        "mitigation": {
            "value": "Either turn off SMB1 by setting the global parameter:\n'min protocol = SMB2'\nor if SMB1 is required turn off unix extensions by setting the global parameter:\n'unix extensions = no'\nin the smb.conf file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)",
            "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible."
        ],
        "statement": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "Python 3.11.5, Python 3.10.13, Python 3.9.18, Python 3.8.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-40217\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40217\nhttps://github.com/python/cpython/issues/108310\nhttps://github.com/python/cpython/pull/108315\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/"
        ],
        "name": "CVE-2023-40217",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.",
            "A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8501\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8501"
        ],
        "name": "CVE-2014-8501",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOn 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3859\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3859\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3859\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3859"
        ],
        "name": "CVE-2024-3859",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Apache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. Update to Apache Commons BCEL 6.6.0.",
            "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected."
        ],
        "statement": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
        "upstream_fix": "Apache Commons BCEL 6.6.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42920\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42920\nhttps://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
        ],
        "name": "CVE-2022-42920",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
            "A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the \"DEFLATE\" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0118\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0118\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0118",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-805",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4500\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4500\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-96/"
        ],
        "name": "CVE-2015-4500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14036\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14036"
        ],
        "name": "CVE-2018-14036",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2738\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2738\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2738",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.",
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests."
        ],
        "upstream_fix": "squid 6.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46728\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46728\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f\nhttps://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html"
        ],
        "name": "CVE-2023-46728",
        "mitigation": {
            "value": "To mitigate this issue, create an access list configuration to reject all gopher URL requests:\nSet ACL directives in your squid.conf file (or equivalent) as follows:\nacl gopher proto gopher\nhttp_access deny gopher\nImportant: This sequence must be placed above any lines starting with \"http_access allow\" in your configuration.\nObservation: Some loss of performance may occur with this configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\nThe nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT.\nWe recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.",
            "A flaw was found in the Netfilter subsystem in the Linux kernel. This issue occurs in the nft_verdict_init() function, allowing positive values as a drop error within the hook verdict, therefore, the nf_hook_slow() function can cause a double-free vulnerability when NF_DROP is issued with a drop error that resembles NF_ACCEPT. The nf_tables component can be exploited to achieve local privilege escalation."
        ],
        "statement": "This flaw is rated as having an Important impact. There is the limitation that it can only be exploited by a local user with access to Netfilter, but can still allow privilege escalation if user namespaces are enabled and Netfilter is being used.",
        "upstream_fix": "kernel 6.8-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1086\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1086\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660\nhttps://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660"
        ],
        "csaw": true,
        "name": "CVE-2024-1086",
        "mitigation": {
            "value": "1. This flaw can be mitigated by preventing the affected netfilter (nf_tables) kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.\n2. If the module cannot be disabled, on non-containerized deployments of Red Hat Enterprise Linux, the mitigation is to disable user namespaces:\n```\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use the second mitigation (disabling user namespaces) as the functionality is needed to be enabled. The first mitigation (blacklisting nf_tables) is still viable for containerized deployments, providing the environment is not using netfilter.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument.",
            "A vulnerability was found in libevent with the parsing of IPv6 addresses. If an attacker could cause an application using libevent to parse a malformed address in IPv6 notation of more than 2GiB in length, a stack overflow would occur leading to a crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10196\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10196"
        ],
        "name": "CVE-2016-10196",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-190->CWE-200",
        "details": [
            "A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value.",
            "A flaw was found in dict.c:dict_unserialize function of glusterfs, dic_unserialize function does not handle negative key length values. An attacker could use this flaw to read memory from other locations into the stored dict value."
        ],
        "statement": "This flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10911\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10911"
        ],
        "name": "CVE-2018-10911",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4511\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4511\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-105/"
        ],
        "name": "CVE-2015-4511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.",
            "A race condition was found in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service."
        ],
        "acknowledgement": "This issue was discovered by Thierry Bordaz (Red Hat).",
        "upstream_fix": "389-ds-base 1.4.0.10, 389-ds-base 1.3.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10850\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10850\nhttps://pagure.io/389-ds-base/issue/49768"
        ],
        "name": "CVE-2018-10850",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
            "A stack buffer overflow flaw was found in glibc in the way the printf family of functions processed an 80-bit long double with a non-canonical bit pattern. This flaw allows an attacker who can control the arguments of these functions with the non-standard long double pattern to trigger an overflow and cause an application crash. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This is essentially a crash which can only be triggered by a non-standard argument passed as a long double input to a member of printf family of functions. The application has to be written in this way to allow this issue to be triggered. The maximum impact is an application crash.",
        "upstream_fix": "glibc 2.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-29573\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29573\nhttps://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
        ],
        "name": "CVE-2020-29573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",
            "It was found that 389-ds-base did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
        ],
        "acknowledgement": "This issue was discovered by Martin Poole (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15135"
        ],
        "name": "CVE-2017-15135",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When navigating from inside an iframe while requesting full screen access, an attacker-controlled tab could have made the browser unable to leave full screen mode."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22743\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22743"
        ],
        "name": "CVE-2022-22743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-807",
        "details": [
            "As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9811\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-9811"
        ],
        "name": "CVE-2019-9811",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.",
            "An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13094\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13094"
        ],
        "name": "CVE-2018-13094",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.",
            "An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application."
        ],
        "statement": "This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 and 6 as the flaw was introduced in a later version (1.11).",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9423\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9423\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.",
            "It was found that the unlink and rename functionality in overlayfs did not verify the upper dentry for staleness. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to panic or crash the system."
        ],
        "statement": "This issue is not present in the Linux kernel packages as shipped with Red Hat Enterprise Linux versions 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by CAI Qian (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6197\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6197"
        ],
        "name": "CVE-2016-6197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).",
            "Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a \"mcryptd(alg)\" name construct.  This causes mcryptd to crash the kernel if an arbitrary \"alg\" is incompatible and not intended to be used with mcryptd."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw is not present in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10147\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10147"
        ],
        "name": "CVE-2016-10147",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.",
            "It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2112\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2112\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2112",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.",
            "A flaw that allowed an attacker to leak kernel memory was found in the network subsystem where an attacker with permissions to create tun/tap devices can create a denial of service and panic the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15916\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15916"
        ],
        "name": "CVE-2019-15916",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.",
            "A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Imre Rad (Search-Lab) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0221\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0221\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7212\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-139.html"
        ],
        "name": "CVE-2015-7212",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-349",
        "details": [
            "When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown with an arbitrary sender email address chosen by the attacker. If the sender name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if the signing key or certificate was accepted by Thunderbird, the email was shown as having a valid digital signature. This vulnerability affects Thunderbird < 91.10.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an email message with the attacker's digital signature that shows an arbitrary sender email address chosen by the attacker. If the sender's name started with a false email address, followed by many Braille space characters, the attacker's email address was not visible. Because Thunderbird compared the invisible sender address with the signature's email address, if Thunderbird accepted the signing key or certificate, the email was shown as having a valid digital signature."
        ],
        "upstream_fix": "thunderbird 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1834\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1834"
        ],
        "name": "CVE-2022-1834",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
            "A vulnerability was discovered in Apache httpd, in mod_rewrite. Certain self-referential mod_rewrite rules could be fooled by encoded newlines, causing them to redirect to an unexpected location. An attacker could abuse this flaw in a phishing attack or as part of a client-side attack on browsers."
        ],
        "upstream_fix": "httpd 2.4.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10098\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10098\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-10098",
        "mitigation": {
            "value": "This flaw requires the use of certain Rewrite configuration directives.  The following command can be used to search for possible vulnerable configurations:\ngrep -R '^\\s*Rewrite' /etc/httpd/\nSee https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-24T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-787",
        "details": [
            "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host.",
            "An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host."
        ],
        "statement": "This issue affects the version of the qemu-kvm package as shipped with the Red Hat Enterprise Linux  6, 7 and 8. Future qemu-kvm package updates for Red Hat Enterprise Linux 6, 7 and 8 may\naddress this issue.\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in its future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat OpenStack Platform 15 and newer consume fixes directly from the Red Hat Enterprise Linux 8 Advanced Virtualization repository.",
        "acknowledgement": "Red Hat would like to thank Xiao Wei (360.com) and Ziming Zhang for reporting this issue.",
        "upstream_fix": "QEMU 5.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14364\nhttps://www.openwall.com/lists/oss-security/2020/08/24/2\nhttps://www.openwall.com/lists/oss-security/2020/08/24/3"
        ],
        "name": "CVE-2020-14364",
        "mitigation": {
            "value": "Using Libvirt management interface to manage guest VMs significantly reduces impact of this issue. Libvirt starts each guest process with an unprivileged system user(ex. qemu) privileges and further confines the process with strict sVirt and SELinux policies.\n* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_security_guide/",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5278\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5278\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5278",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.",
            "A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 7 and MRG-2. This issue is not currently planned to be addressed in future Red Hat Enterprise Linux 5 kernel updates.  Future Linux kernel updates for other releases may address this issue.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3339\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3339"
        ],
        "name": "CVE-2015-3339",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen an extension with the proxy permission registered to receive `<all_urls>`, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yassine Tioual as the original reporter.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-35111\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35111\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35111"
        ],
        "name": "CVE-2020-35111",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nModule load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25739\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25739"
        ],
        "name": "CVE-2023-25739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8808\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8808\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8808",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky, Carsten Book, Christian Holler, David Bolter, Gary Kwong, Jesse Ruderman, Mats Palmgren, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2806\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2806\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-39.html"
        ],
        "name": "CVE-2016-2806",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            "A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file."
        ],
        "upstream_fix": "libxml2 2.9.6, chromium-browser 63.0.3239.84",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15412\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15412\nhttps://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2017-15412",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.",
            "A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Volker Lendecke (SerNet and the Samba Team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15275\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15275\nhttps://www.samba.org/samba/security/CVE-2017-15275.html"
        ],
        "name": "CVE-2017-15275",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.",
            "A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "upstream_fix": "xorg-server 21.1.9, xwayland 23.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5367\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5367\nhttps://lists.x.org/archives/xorg-announce/2023-October/003430.html"
        ],
        "name": "CVE-2023-5367",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.",
            "A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8737\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8737"
        ],
        "name": "CVE-2014-8737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "\"Clear History and Website Data\" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Catalina 10.15. A user may be unable to delete browsing history items."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8768\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8768\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8768",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-18T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.",
            "A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file using sudoedit."
        ],
        "upstream_fix": "sudo 1.9.12p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22809\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22809\nhttps://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2\nhttps://www.sudo.ws/security/advisories/sudoedit_any/"
        ],
        "name": "CVE-2023-22809",
        "mitigation": {
            "value": "It is possible to prevent a user-specified editor from being used by sudoedit by adding the following line to the sudoers file.\n~~~\nDefaults!sudoedit    env_delete+=\"SUDO_EDITOR VISUAL EDITOR\"\n~~~\nTo restrict the editor when editing specific files, a Cmnd_Alias can be used, for example:\n~~~\nCmnd_Alias              EDIT_MOTD = sudoedit /etc/motd\nDefaults!EDIT_MOTD      env_delete+=\"SUDO_EDITOR VISUAL EDITOR\"\nuser                    ALL = EDIT_MOTD\n~~~\nBut if possible please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.",
            "A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot)  guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel."
        ],
        "statement": "This issue is rated as having Moderate impact due to the required privileges and hardware dependencies.",
        "acknowledgement": "Red Hat would like to thank Daniel Axtens (IBM) for reporting this issue.",
        "upstream_fix": "kernel 5.10-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27777\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27777\nhttps://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764\nhttps://www.openwall.com/lists/oss-security/2020/10/09/1\nhttps://www.openwall.com/lists/oss-security/2020/11/23/2"
        ],
        "name": "CVE-2020-27777",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13033\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13033"
        ],
        "name": "CVE-2018-13033",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the firmware for some Intel(R) Graphics Drivers for Windows * before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access.",
            "A flaw was found in the Linux kernel. An integer overflow in the firmware for some Intel(R) Graphics Drivers may allow a privileged user to potentially enable an escalation of privilege via local access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Only users that specify i915.enable_guc=-1 or i915.enable_guc=1 or 2 are open to be exploited by this issue.\nDue to the full fix (combination of kernel and firmware updates) being invasive and GUC firmware loading is off by default, Red Hat Enterprise Linux kernel versions prior to the Linux kernel version shipped with Red Hat Enterprise Linux 8.4 GA (kernel-4.18.0-305.el8)  print a warning in the kernel log (\"GUC firmware is insecure - CVE 2020-12362 - Please update to a newer release to get secure GUC\") and do not rely on the firmware fix. As a result, Red Hat Enterprise Linux versions prior Red Hat Enterprise Linux 8.4 GA (including Red Hat Enterprise Linux 6 and 7) do not include the updated firmware packages.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12362\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12362"
        ],
        "name": "CVE-2020-12362",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU.",
            "It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system."
        ],
        "statement": "This issue does affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5, even though the impact is limited.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3690\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3690"
        ],
        "name": "CVE-2014-3690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",
            "The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2, as a code with the flaw is not present or is not built in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17448\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17448"
        ],
        "name": "CVE-2017-17448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21166\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21166\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21166",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.",
            "A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6564\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6564\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6564",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2800"
        ],
        "name": "CVE-2020-2800",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->(CWE-125|CWE-787)",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20918\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20918\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20918",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Freeing arbitrary nsIInputStream's on a different thread than creation could have led to a use-after-free and potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45405\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405"
        ],
        "name": "CVE-2022-45405",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.",
            "A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31083\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31083"
        ],
        "name": "CVE-2024-31083",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.",
            "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise\nLinux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this\nissue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8630\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8630"
        ],
        "name": "CVE-2016-8630",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.",
            "A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes."
        ],
        "upstream_fix": "kernel 5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2964\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2964"
        ],
        "name": "CVE-2022-2964",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.",
            "Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. \nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2570\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2570\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-648",
        "details": [
            "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kaizer Soze as the original reporter.",
        "upstream_fix": "thunderbird 78.2, thunderbird 68.12, firefox 68.12, firefox 80, firefox 78.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15664\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15664\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664"
        ],
        "name": "CVE-2020-15664",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Bone as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3864\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3864\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3864\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3864"
        ],
        "name": "CVE-2024-3864",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2713\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2713\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-51.html"
        ],
        "name": "CVE-2015-2713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9076\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9076"
        ],
        "name": "CVE-2017-9076",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-24T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",
            "A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested(=1) virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to potentially access information of the L1 hypervisor."
        ],
        "acknowledgement": "This issue was discovered by Paolo Bonzini (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2732\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2732"
        ],
        "name": "CVE-2020-2732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-390",
        "details": [
            "The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a \"protocol downgrade\" issue.",
            "A flaw was found in the way OpenSSL handled fragmented handshake packets. A man-in-the-middle attacker could use this flaw to force a TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client and the server supported newer protocol versions."
        ],
        "upstream_fix": "openssl 1.0.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3511\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3511\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8587\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8587\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8587",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. The cutmem command does not honor secure boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27779\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27779"
        ],
        "name": "CVE-2020-27779",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2762\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2762"
        ],
        "name": "CVE-2019-2762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.",
            "An out-of-bounds read has been discovered in libsoup when getting cookies from a URI with empty hostname. An attacker may use this flaw to cause a crash in the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12910\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12910"
        ],
        "name": "CVE-2018-12910",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1587\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1587\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-83.html"
        ],
        "name": "CVE-2014-1587",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 and 3.1 before 3.1.0.2 allows guest OS users to cause a denial of service (host OS infinite loop and hang) via unspecified vectors."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3044\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3044"
        ],
        "name": "CVE-2016-3044",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15693\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15693"
        ],
        "name": "CVE-2019-15693",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0686\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0686\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2618"
        ],
        "name": "CVE-2018-2618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-10T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault.",
            "A NULL pointer dereference flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VT_RESIZEX ioctl. This flaw allows a local user to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36558\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36558\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb"
        ],
        "name": "CVE-2020-36558",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank The Mozilla Project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7809\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7809\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7809"
        ],
        "name": "CVE-2017-7809",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.",
            "An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9776\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9776"
        ],
        "name": "CVE-2017-9776",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-08T21:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.",
            "A denial of service flaw was discovered in bind versions that include the \"deny-answer-aliases\" feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition."
        ],
        "statement": "The \"deny-answer-aliases\" configuration option is not enabled in default configurations of bind. Upstream states that this option is very rarely used. As such, if customers have not specifically enabled this option in configurations, the risk should be mitigated.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.",
        "upstream_fix": "bind 9.12.2-P1, bind 9.9.13-P1, bind 9.11.3-S3, bind 9.10.8-P1, bind 9.11.4-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5740\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5740\nhttps://kb.isc.org/article/AA-01639/74/CVE-2018-5740"
        ],
        "name": "CVE-2018-5740",
        "mitigation": {
            "value": "Disabling the \"deny-answer-aliases\" configuration option should prevent exploitation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5277\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5277\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5277",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-122",
        "details": [
            "Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.",
            "A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later \"import\" statement could cause a heap overflow, leading to arbitrary code execution."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5636\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5636"
        ],
        "name": "CVE-2016-5636",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nFailure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43539\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43539"
        ],
        "name": "CVE-2021-43539",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.",
            "A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5390\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5390\nhttps://access.redhat.com/articles/3553061\nhttps://www.kb.cert.org/vuls/id/962459\nhttps://www.spinics.net/lists/netdev/msg514742.html"
        ],
        "csaw": true,
        "name": "CVE-2018-5390"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-402",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21540\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21540"
        ],
        "name": "CVE-2022-21540",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.",
            "A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Rescorla as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1978\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1978\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-15.html"
        ],
        "name": "CVE-2016-1978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0827\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0827\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-19"
        ],
        "name": "CVE-2015-0827",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2677"
        ],
        "name": "CVE-2018-2677",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-497",
        "details": [
            "Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox behaving slightly differently for already known resources when loading CSS resources involving CSS variables. This flaw could be used to probe the browser history."
        ],
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29916\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29916"
        ],
        "name": "CVE-2022-29916",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0",
            "An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "upstream_fix": "dhcp 4.4.1, dhcp 4.1-ESV-R15-P1, dhcp 4.3.6-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5732\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5732\nhttps://kb.isc.org/article/AA-01565"
        ],
        "name": "CVE-2018-5732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L",
            "status": "verified"
        },
        "details": [
            "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.",
            "A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity."
        ],
        "statement": "This issue only affects the 'curl' command line utility. Additionally, this is only an issue when using the '-J' (with the '-O' option) and '-i' command line options combined.\nIn most cases, there is nothing to gain for a local attacker here: the curl command line utility is likely running with the same privileges as the user, and thus the user can already overwrite all the files curl could overwrite. However, a local user will have to call curl with the '-J' and '-i' command line options while requesting content from a malicious server, which then opens up an opportunity for the malicious server to overwrite local files.",
        "upstream_fix": "curl 7.71.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8177\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8177\nhttps://curl.haxx.se/docs/CVE-2020-8177.html"
        ],
        "name": "CVE-2020-8177",
        "mitigation": {
            "value": "The vulnerability is only possible when using the '-J' and '-i' switches in conjunction with the curl command.  Executing curl without these switches mitigates the flaw.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A denial of service issue was addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. A malicious website may be able to cause a denial of service."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3862\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3862\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3862",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4513\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4513\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-116.html"
        ],
        "name": "CVE-2015-4513",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-200",
        "details": [
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.",
            "An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Virtualization Hypervisor and Management Appliance include vulnerable versions of systemd. However, since exploitation requires local access and impact is restricted to information disclosure, this flaw is rated as having a security issue of Low. Future updates may address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16866\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16866\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16866",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1973\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1973\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-33.html"
        ],
        "name": "CVE-2016-1973",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.",
            "It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications."
        ],
        "upstream_fix": "tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72, tomcat 8.0.37",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5018\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5018\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-5018",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21340\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21340"
        ],
        "name": "CVE-2022-21340",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients.",
            "A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients."
        ],
        "statement": "This flaw affects applications that are compiled against OpenSSL or GnuTLS and do not allocate an extra thread for processing ClientHello messages. Nginx is affected by this issue; Apache httpd is not affected by this issue. This issue has been rated as having a security impact of Moderate. It requires an attacker to send a very large amount of SSL ALERT messages to the host network connection. This issue can also be mitigated by configuring firewalls to limit the number of connections per IP address, or use deep packet inspection to reject these type of alert packets. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8610\nhttp://security.360.cn/cve/CVE-2016-8610"
        ],
        "name": "CVE-2016-8610",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on <code>fetch()</code> and XMLHttpRequest; however some webservers have implemented non-standard headers such as <code>X-Http-Method-Override</code> that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access to authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again. Firefox has applied the same mitigations to the use of this and similar headers."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges scarlet as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45411\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45411\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45411\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411"
        ],
        "name": "CVE-2022-45411",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2163\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2163"
        ],
        "name": "CVE-2021-2163",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7180\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7180\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7180",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.",
            "A vulnerability was found in mod_auth_mellon. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication."
        ],
        "statement": "This issue did not affect the versions of mod_auth_mellon as shipped with Red Hat Enterprise Linux 6 as they did not include support for ECP.",
        "upstream_fix": "mod_auth_mellon 0.14.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3878\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3878\nhttps://github.com/Uninett/mod_auth_mellon/pull/196"
        ],
        "name": "CVE-2019-3878",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability.",
            "When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7. This has been rated as having Moderate security impact and is  planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6136\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6136"
        ],
        "name": "CVE-2016-6136",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.",
            "A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9636\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9636"
        ],
        "name": "CVE-2014-9636",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
            "A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash."
        ],
        "statement": "This issue affects the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of httpd24-httpd as shipped with Red Hat Software Collections. Product Security has rated this issue as having Moderate security impact.\nIn order to be vulnerable, .htaccess files need to contain an invalid or not globally registered HTTP method in a \"Limit\" directive.",
        "acknowledgement": "Red Hat would like to thank Hanno Böck for reporting this issue.",
        "upstream_fix": "httpd 2.4.28, httpd 2.2.35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9798\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9798\nhttps://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html"
        ],
        "name": "CVE-2017-9798",
        "mitigation": {
            "value": "This issue can be mitigated by configuring httpd to disallow the use of the \"Limit\" configuration directive in .htaccess files. The set of directives that can be used in .htaccess files is configured using the \"AllowOverride\" directive. Refer to Red Hat Bugzilla bug 1490344 for further details:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1490344#c18",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight and the Mozilla Fuzzing Team and Karl Tomlinson and Valentin Gosu and Randell Jesup and Yury Delendik as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6864\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6864\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864"
        ],
        "name": "CVE-2023-6864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXvQueryExtension, (2) SProcXvQueryAdaptors, (3) SProcXvQueryEncodings, (4) SProcXvGrabPort, (5) SProcXvUngrabPort, (6) SProcXvPutVideo, (7) SProcXvPutStill, (8) SProcXvGetVideo, (9) SProcXvGetStill, (10) SProcXvPutImage, (11) SProcXvShmPutImage, (12) SProcXvSelectVideoNotify, (13) SProcXvSelectPortNotify, (14) SProcXvStopVideo, (15) SProcXvSetPortAttribute, (16) SProcXvGetPortAttribute, (17) SProcXvQueryBestSize, (18) SProcXvQueryPortAttributes, (19) SProcXvQueryImageAttributes, or (20) SProcXvListImageFormats function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8099\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8099\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7754\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7754\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754"
        ],
        "name": "CVE-2017-7754",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4835\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4835\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4835",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88."
        ],
        "statement": "Tomcat 6, and Red Hat products shipping it, are not affected by this CVE. Tomcat 7, 8, and 9, as well as Red Hat Products shipping them, are affected. Affected products, including Red Hat JBoss Web Server 3 and 5, Enterprise Application Server 6, and Fuse 7, may provide fixes for this issue in a future release.",
        "upstream_fix": "tomcat 9.0.10, tomcat 8.5.32, tomcat 8.0.53, tomcat 7.0.90",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8034\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8034"
        ],
        "name": "CVE-2018-8034",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
            "It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat).",
        "upstream_fix": "sudo 1.8.18p1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7076\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7076\nhttps://www.sudo.ws/alerts/noexec_wordexp.html"
        ],
        "name": "CVE-2016-7076",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank Donal Meehan, Sebastian Hengst, and the Mozilla project for reporting this issue. Upstream acknowledges the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4585\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4585\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585"
        ],
        "name": "CVE-2023-4585",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.",
            "It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9420\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9420"
        ],
        "name": "CVE-2014-9420",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the \"== 0x1c\" case.",
            "An out-of-bounds read vulnerability has been discovered in IptcData::printStructure in iptc.cpp file of Exiv2 0.26. An attacker could cause a crash or an information leak by providing a crafted image."
        ],
        "statement": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7, up to 7.4, as they did not include support for printing IPTC Photo Metadata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9305\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9305"
        ],
        "name": "CVE-2018-9305",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.",
            "A flaw was found in the mwifiex implementation in the Linux kernel. A system connecting to a wireless access point could be manipulated by an attacker with advanced permissions on the access point into localized memory corruption or possibly privilege escalation."
        ],
        "acknowledgement": "Red Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10126\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10126"
        ],
        "name": "CVE-2019-10126",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky, Carsten Book, Christian Holler, Christoph Diehl, Iris Hsiao, Jan de Mooij, Olli Pettay, Raymond Forbes, and Timothy Nikkel as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9893\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9893\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9893"
        ],
        "name": "CVE-2016-9893",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A possibly exploitable crash triggered during layout and manipulation of bidirectional unicode text in concert with CSS animations. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5449\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5449\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5449"
        ],
        "name": "CVE-2017-5449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0750\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0750\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0750\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0750"
        ],
        "name": "CVE-2024-0750",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.",
            "The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7915\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7915"
        ],
        "name": "CVE-2016-7915",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ryan Duff as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5284\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5284\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5284",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
            "A flaw was found in the Linux kernel in the function hso_probe(), which reads the if_num value from the USB device (as a u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service."
        ],
        "upstream_fix": "kernel 4.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19985\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19985"
        ],
        "name": "CVE-2018-19985",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-863",
        "details": [
            "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call.",
            "A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server."
        ],
        "statement": "This issue does not affect the version of 389-ds-base package as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "This issue was discovered by Simo Sorce (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1854\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1854"
        ],
        "name": "CVE-2015-1854",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-252",
        "details": [
            "X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka xserver and xorg-server) before 1.16.3, when using SUN-DES-1 (Secure RPC) authentication credentials, does not check the return value of a malloc call, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a crafted connection request.",
            "It was found that the X.Org server did not properly handle SUN-DES-1 (Secure RPC) authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8091\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8091\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8091",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
            "A heap buffer overflow leading to out-of-bounds write was found in freetype. Memory allocation based on truncated PNG width and height values allows for an out-of-bounds write to occur in application memory when an attacker supplies a specially crafted TTF file."
        ],
        "statement": "Although firefox and thunderbird, as shipped with Red Hat Enterprise Linux 6, bundle a version (2.4.11) of freetype in gtk3-private, the version is not affected by this flaw because the vulnerable code was introduced in a subsequent version of freetype. The freetype package shipped with Red Hat Enterprise Linux 5 and 6 is not affected as the vulnerable code was introduced in a subsequent version of freetype.\ngo-freetype as shipped with Red Hat Advanced Cluster Management for Kubernetes is not affected by this flaw because it ships a pure go implementation of freetype which does not include the vulnerable code.",
        "upstream_fix": "freetype 2.10.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15999\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15999"
        ],
        "name": "CVE-2020-15999",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8596\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8596\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8596",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
            "If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a WiFi dongle). This can allow firmware event frames from a remote source to be processed and this can result in denial of service (DoS) condition."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9503\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9503\nhttps://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9503-remotely-sending-firmware-events-bypassing-is-wlc-event-frame\nhttps://kb.cert.org/vuls/id/166939/\nhttps://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/"
        ],
        "name": "CVE-2019-9503",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8625\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8625\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8625",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.",
            "A user enumeration vulnerability was found in OpenSSH, through version 7.7. The vulnerability occurs by not delaying bailout for an invalid authenticated user until after the packet containing the request has been fully parsed. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Low severity. An attacker could use this flaw to determine whether given usernames exist or not on the server, but no further information is disclosed and there is no availability or integrity impact. A future update may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15473\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15473"
        ],
        "name": "CVE-2018-15473",
        "mitigation": {
            "value": "Configuring your firewall to limit the origin and/or rate of incoming ssh connections (using the netfilter xt_recent module) will limit the impact of this attack, as it requires a new TCP connection for each username tested. This configuration also provides some protection against brute-force attacks on SSH passwords or keys.\nSee the following article for more information on limiting access to SSHD: https://access.redhat.com/solutions/8687",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",
            "A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as they do not contain the affected code. This does not affect Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank Daniel Borkmann for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4700"
        ],
        "name": "CVE-2015-4700",
        "mitigation": {
            "value": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n#   echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in  /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21426\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21426"
        ],
        "name": "CVE-2022-21426",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.",
            "A use-after-free flaw was found in the Linux kernel's CIPSO network packet labeling protocol functionality, in the way a user opens a local network connection using the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system."
        ],
        "statement": "This flaw is rated Moderate because CIPSO is not enabled by default, there is no known way to reproduce the attack remotely, and using the attack for anything other than crashing the system looks complex, if it is possible at all. To use inbound CIPSO connections, the administrator has to enable them with the netlabelctl utility first. The vulnerability is considered local because it can occur only when a local user opens a socket for sending packets, not while receiving packets.",
        "upstream_fix": "Kernel 5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33033\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33033"
        ],
        "name": "CVE-2021-33033",
        "mitigation": {
            "value": "The mitigation would be not allowing CIPSO labeling for inbound network connections. In most default configurations, for both network routers and Linux servers themselves, it is disabled by default.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3425\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3425\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3425",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674->CWE-121",
        "details": [
            "libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.",
            "A stack overflow flaw was found in libcroco. A service using libcroco's CSS parser could be crashed by a local, authenticated attacker, or an attacker utilizing social engineering, using a crafted input. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "While Red Hat Enterprise Linux 6, 7 and 8 ship versions of `libcroco` that are vulnerable to this flaw, the packages which use this library as a dependency would require a user to open a malicious file locally for exploitation. Opening such a file may result in a temporary crash of the application.  See below for more detailed information:\n* Red Hat Enterprise Linux 8 - `libcroco` is a runtime dependency of `gnome-shell`, `gettext` and `inkscape`.\n* Red Hat Enterprise Linux 7 - `libcroco` is a runtime dependency of  `gnome-shell`, `gettext`, `librsvg2` and `inkscape`.\n* Red Hat Enterprise Linux 6 - `libcroco` is required by `firefox` to bundle `gtk3` but `firefox` does not use `libcroco` as its CSS parsing engine or provide gtk3 to other packages, and thus not affected. `libcroco` is a runtime dependency of `inkscape`, `librsvg2` and `gettext`.\nThis flaw has only been demonstrated to cause a crash, but if there is any concern of further exploitation beyond that, Red Hat Enterprise Linux 6, 7, and 8 packages are built with a stack protector and stack ASLR which would significantly reduce the likelihood of further exploitation.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12825\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12825"
        ],
        "name": "CVE-2020-12825",
        "mitigation": {
            "value": "To mitigate this flaw as it applies to gnome-shell, do not install untrusted gnome-shell extensions or themes. Red Hat Enterprise Linux does not ship with gnome-shell themes that will trigger this vulnerability. To mitigate this flaw as it applies to inkscape, do not open untrusted CSS in inkscape.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Multiple integer overflows in X.Org X Window System (aka X11 or X) X11R1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) ProcPutImage, (2) GetHosts, (3) RegionSizeof, or (4) REQUEST_FIXED_SIZE function, which triggers an out-of-bounds read or write.",
            "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain X11 core protocol requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8092\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8092\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8092",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside the share.",
            "A flaw was found in samba when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the contents of directories outside of the share."
        ],
        "statement": "Only samba configurations where 'wide links' option is explicitly set to 'yes' is affected by this flaw. Therefore default configurations of samba package shipped with Red Hat Products are not affected.\nThis vulnerability exists in the samba server, client side packages are not affected.",
        "acknowledgement": "Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue.",
        "upstream_fix": "samba 4.9.13, samba 4.10.8, samba 4.11.0rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10197\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10197\nhttps://www.samba.org/samba/security/CVE-2019-10197.html"
        ],
        "name": "CVE-2019-10197",
        "mitigation": {
            "value": "The following methods can be used as a mitigation (only one is needed):\n1. Use the 'sharesec' tool to configure a security descriptor for the share that's at least as strict as the permissions on the share root  directory.\n2. Use the 'valid users' option to allow only users/groups which are able to enter the share root directory.\n3. Remove 'wide links = yes' if it's not really needed.\n4. In some situations it might be an option to use 'chmod a+x' on the share root directory, but you need to make sure that files and subdirectories are protected by stricter permissions. You may also want to 'chmod a-w' in order to prevent new top level files and directories, which may have less restrictive permissions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 does not have an exit handler for the INVVPID instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Advanced Threat Research team at Intel Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3646\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3646"
        ],
        "name": "CVE-2014-3646",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-908",
        "details": [
            "`EncryptingOutputStream` was susceptible to exposing uninitialized data.  This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\n`EncryptingOutputStream` was susceptible to exposing uninitialized data.  This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jan Varga as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6865\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6865\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6865"
        ],
        "name": "CVE-2023-6865",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",
            "A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5,6, 7, realtime and MRG-2.\nRed Hat Enterprise Linux 5 has transitioned to Production phase 3.  \nDuring the Production 3 Phase, Critical impact Security Advisories (RHSAs) \nand selected Urgent Priority Bug Fix Advisories (RHBAs) may be released \nas they become available.\nThe official life cycle policy can be reviewed here:\nhttp://redhat.com/rhel/lifecycle\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15265\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15265"
        ],
        "name": "CVE-2017-15265",
        "mitigation": {
            "value": "It is possible to prevent the affected code from being loaded by blacklisting the kernel module snd_seq.  Instructions relating to how to blacklist a kernel module are shown here: https://access.redhat.com/solutions/41278 \nAlternatively a custom permission set can be created by udev, the correct permissions will depend on your use case.  Please contact Red Hat customer support for creating a rule set that can minimize flaw exposure.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23605\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23605\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605"
        ],
        "name": "CVE-2023-23605",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins.\nIn affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.",
            "An improper input validation vulnerability was found in LibreOffice. In versions where filenames are not sufficiently escaped, an attacker can execute arbitrary GStreamer plugins."
        ],
        "upstream_fix": "LibreOffice 7.5.9, LibreOffice 7.6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6185\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6185\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2023-6185"
        ],
        "name": "CVE-2023-6185",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Veditz and Philipp as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12389\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12389\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389"
        ],
        "name": "CVE-2018-12389",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3854\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3854\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3854\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3854"
        ],
        "name": "CVE-2024-3854",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11087\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11087"
        ],
        "name": "CVE-2020-11087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.",
            "A flaw was found in squid. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes."
        ],
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12528\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12528\nhttp://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
        ],
        "name": "CVE-2019-12528",
        "mitigation": {
            "value": "As a workaround, it is possible to disable support for FTP. In order to do so, remove the following line from your squid configuration file:\nacl Safe_ports 21\nThen add the following lines to your squid configuration file:\nacl FTP proto FTP\nhttp_access deny FTP",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Holbert and Andrew Osmond and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0755\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0755\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0755\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0755"
        ],
        "name": "CVE-2024-0755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43546\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43546"
        ],
        "name": "CVE-2021-43546",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-305",
        "details": [
            "In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection."
        ],
        "statement": "The \"AuthType Digest\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux. Also upstream discourages the use of mod_auth_digest because of its inherent security weaknesses and recommends the use of mod_ssl.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1312\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1312\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This issue is rated as having Moderate impact because of the attack scenario limitation where only local user with access to VT console if at least CAP_SYS_TTY_CONFIG enabled can trigger this issue.",
        "upstream_fix": "kernel 5.10-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25656\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25656\nhttps://lkml.org/lkml/2020/10/16/84\nhttps://lkml.org/lkml/2020/10/29/528"
        ],
        "name": "CVE-2020-25656",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "The version of Samba shipped with Red Hat Gluster Storage (RHGS) 3 is built with a private copy of ldb (LDAP-like embedded database) library which includes the vulnerable code. However, Samba shipped with RHGS 3 is not supported for use as an Active Directory Domain Controller and hence the impact has been lowered.",
        "acknowledgement": "Red Hat would like to thank the Samba Project for reporting this issue. Upstream acknowledges Douglas Bagnall (Catalyst and the Samba Team) as the original reporter.",
        "upstream_fix": "samba 4.12.13, samba 4.14.1, samba 4.13.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20277\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20277\nhttps://www.samba.org/samba/security/CVE-2021-20277.html"
        ],
        "name": "CVE-2021-20277",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.",
            "A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels.\nThis issue does not affect kernels that ship with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8650\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8650"
        ],
        "name": "CVE-2016-8650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-416)",
        "details": [
            "The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.",
            "A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory."
        ],
        "statement": "This issue does not affect the versions of curl as shipped with Red Hat Enterprise Linux 5.\nNote that there are no applications provided with Red Hat Enterprise Linux that use the vulnerable CURLOPT_COPYPOSTFIELDS option, except PHP which could only be affected if used in an extremely unlikely scenario or via the script's author.",
        "acknowledgement": "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Symeon Paraschoudis as the original reporter.",
        "upstream_fix": "curl 7.39.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3707\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3707\nhttp://curl.haxx.se/docs/adv_20141105.html"
        ],
        "name": "CVE-2014-3707",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-191->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21443\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21443"
        ],
        "name": "CVE-2022-21443",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.",
            "Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3184\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3184"
        ],
        "name": "CVE-2014-3184",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nRace conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nika Layzell as the original reporter.",
        "upstream_fix": "thunderbird 115.1, thunderbird 102.14, firefox 102.14, firefox 115.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4049\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4049\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049"
        ],
        "name": "CVE-2023-4049",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-13T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191",
        "details": [
            "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise Linux 8.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3472\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3472\nhttps://lists.x.org/archives/xorg-announce/2021-April/003080.html"
        ],
        "name": "CVE-2021-3472",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T04:26:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in IPA. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1722\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1722"
        ],
        "name": "CVE-2020-1722",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Bob Clary, Christian Holler, Christoph Diehl, Daniel Holbert, Jesse Ruderman, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1952\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1952\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-16.html"
        ],
        "name": "CVE-2016-1952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3858\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3858\nhttps://www.libssh2.org/CVE-2019-3858.html"
        ],
        "name": "CVE-2019-3858",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.",
            "A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2671\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2671"
        ],
        "name": "CVE-2017-2671",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-833",
        "details": [
            "The memory resource controller (aka memcg) in the Linux kernel allows local users to cause a denial of service (deadlock) by spawning new processes within a memory-constrained cgroup.",
            "It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system."
        ],
        "statement": "This issue does not affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future updates may address this issue in the respective releases.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8171\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8171"
        ],
        "name": "CVE-2014-8171",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.",
            "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Smuggling attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15810\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15810"
        ],
        "name": "CVE-2020-15810",
        "mitigation": {
            "value": "Disable the relaxed HTTP parser in `squid.conf`:\n```\nrelaxed_header_parser off\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nathan Froyd and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11740\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11740"
        ],
        "name": "CVE-2019-11740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ehsan Akhgari as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7197\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7197\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-132.html"
        ],
        "name": "CVE-2015-7197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14562\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14562"
        ],
        "name": "CVE-2020-14562",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric of Google Project Zero as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5404\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5404\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404"
        ],
        "name": "CVE-2017-5404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",
            "It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0736\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0736\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25\nhttps://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt"
        ],
        "name": "CVE-2016-0736",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385->CWE-203",
        "details": [
            "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.",
            "A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability."
        ],
        "statement": "For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/tsx-asynchronousabort",
        "upstream_fix": "Kernel 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19338\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19338\nhttps://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort\nhttps://www.openwall.com/lists/oss-security/2019/12/10/3"
        ],
        "name": "CVE-2019-19338",
        "mitigation": {
            "value": "Please refer to the Red Hat Knowledgebase Transactional Synchronization Extensions (TSX) Asynchronous Abort article (https://access.redhat.com/solutions/tsx-asynchronousabort) for mitigation instructions.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4732\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4732\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16421\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16421\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16421",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luan Herrera as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5691\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5691\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5691\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5691"
        ],
        "name": "CVE-2024-5691",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "Under certain circumstances the \"fetch()\" API can return transient local copies of resources that were sent with a \"no-store\" or \"no-cache\" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Kelly as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5131\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5131\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5131"
        ],
        "name": "CVE-2018-5131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could have positioned a `datalist` element to obscure the address bar."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32212\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32212\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32212"
        ],
        "name": "CVE-2023-32212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2572\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2572\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2572",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101 and Firefox ESR 91.10. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34484\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34484\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34484\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34484"
        ],
        "name": "CVE-2022-34484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23852\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23852\nhttps://github.com/libexpat/libexpat/pull/550"
        ],
        "name": "CVE-2022-23852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19870\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19870"
        ],
        "name": "CVE-2018-19870",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ehsan Akhgari as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4520\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4520\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-111/"
        ],
        "name": "CVE-2015-4520",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20096\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20096"
        ],
        "name": "CVE-2018-20096",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45408\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45408\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45408\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45408"
        ],
        "name": "CVE-2022-45408",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.",
            "A flaw was found in the Linux kernel. The rtl_usb_probe function mishandles resource cleanup on error. An attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19063\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19063"
        ],
        "name": "CVE-2019-19063",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module rtl8192cu. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Characters from the \"Canadian Syllabics\" Unicode block can be mixed with characters from other Unicode blocks in the address bar instead of being rendered as their raw \"punycode\" form, allowing for domain name spoofing attacks through character confusion. The current Unicode standard allows characters from \"Aspirational Use Scripts\" such as Canadian Syllabics to be mixed with Latin characters in the \"moderately restrictive\" IDN profile. We have changed Firefox behavior to match the upcoming Unicode version 10.0 which removes this category and treats them as \"Limited Use Scripts.\" This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Erb as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7764\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764"
        ],
        "name": "CVE-2017-7764",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-434",
        "details": [
            "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
            "A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21346\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21346"
        ],
        "name": "CVE-2021-21346",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7396\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7396"
        ],
        "name": "CVE-2017-7396",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-95",
        "details": [
            "The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5158\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5158\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158"
        ],
        "name": "CVE-2018-5158",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1321",
        "details": [
            "If an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an object prototype was corrupted by an attacker, they would have been able to set undesired attributes on a JavaScript object, leading to privileged code execution."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Manfred Paul via Trend Micro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2200\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2200\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200"
        ],
        "name": "CVE-2022-2200",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8242\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8242"
        ],
        "name": "CVE-2015-8242",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2796\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2796\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.",
            "A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Marco Davids (SIDN Labs) and Tony Finch (University of Cambridge) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8864\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8864\nhttps://kb.isc.org/article/AA-01434"
        ],
        "name": "CVE-2016-8864",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.",
            "A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code creating this issue is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8646\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8646"
        ],
        "name": "CVE-2016-8646",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3868\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3868\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3868",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.",
            "A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests."
        ],
        "upstream_fix": "tomcat 7.0.67, tomcat 8.0.32",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5346\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5346\nhttp://seclists.org/bugtraq/2016/Feb/143"
        ],
        "name": "CVE-2015-5346",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and it is assumed that the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking, and it is assumed that the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Ilja van Sprundel (IOActive) and Joseph Tartaro (IOActive) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25647\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25647"
        ],
        "name": "CVE-2020-25647",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4447\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4447"
        ],
        "name": "CVE-2016-4447",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-200",
        "details": [
            "The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service (server crash) or read arbitrary server memory via a \"too-short\" salt.",
            "A memory leak error was discovered in the crypt() function of the pgCrypto extension. An authenticated attacker could possibly use this flaw to disclose a limited amount of the server memory."
        ],
        "upstream_fix": "postgresql 9.2.14, postgresql 9.0.23, postgresql 9.1.19, postgresql 9.4.5, postgresql 9.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5288\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5288",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.",
            "A flaw was found in the Linux kernel. The Intel Wireless WiFi MVM Firmware driver mishandles resource cleanup during device coredump. An attacker able to trigger the device coredump and system-wide out of memory conditions at the same time could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the resource cleanup code path (system-wide out-of-memory condition).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19058\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19058"
        ],
        "name": "CVE-2019-19058",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module iwlmvm. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7201\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7201\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-134.html"
        ],
        "name": "CVE-2015-7201",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.",
            "An improper access control flaw was found in the Intel(R) Ethernet Controller RDMA driver in the Linux Kernel. This flaw allows an unauthenticated user to enable privilege escalation via network access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25775\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25775\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html"
        ],
        "name": "CVE-2023-25775",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully controlled, incorrect range in circumstances where users have explicitly disabled Spectre mitigations. Note: Spectre mitigations are currently enabled for all users by default settings. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith & Niklas Baumstark (the phoenhex team) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9793\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9793"
        ],
        "name": "CVE-2019-9793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1521\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1521\nhttp://www.talosintel.com/reports/TALOS-2016-0058/"
        ],
        "name": "CVE-2016-1521",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-434",
        "details": [
            "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
            "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21347\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21347"
        ],
        "name": "CVE-2021-21347",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15864\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15864"
        ],
        "name": "CVE-2018-15864",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Renan Rios as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0741\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0741\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0741\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0741"
        ],
        "name": "CVE-2024-0741",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a \"signature malleability\" issue.",
            "A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One) input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1568\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1568\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-73.html"
        ],
        "name": "CVE-2014-1568",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0815\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0815\nhttp://www.mozilla.org/security/announce/2014/mfsa2015-30.html"
        ],
        "name": "CVE-2015-0815",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5430\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5430\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5430"
        ],
        "name": "CVE-2017-5430",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.",
            "A Reflected Cross Site Scripting vulnerability was found in the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser."
        ],
        "statement": "This vulnerability is rated Low : the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10221"
        ],
        "name": "CVE-2019-10221",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.",
            "It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 6.0.45, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0706\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0706\nhttp://seclists.org/bugtraq/2016/Feb/144"
        ],
        "name": "CVE-2016-0706",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when form input elements, focus, and selections are manipulated by script content. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5098\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5098\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098"
        ],
        "name": "CVE-2018-5098",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11752\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11752"
        ],
        "name": "CVE-2019-11752",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges zx as the original reporter.",
        "upstream_fix": "thunderbird 102.13, firefox 102.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-37202\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37202\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
        ],
        "name": "CVE-2023-37202",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).",
            "It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10295\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10295"
        ],
        "name": "CVE-2017-10295",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7198\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7198\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7198",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9066\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9066\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-9066",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23995\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23995\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23995"
        ],
        "name": "CVE-2021-23995",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-787",
        "details": [
            "In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-162844689References: Upstream kernel",
            "A flaw was found in the Linux kernel’s multi-touch input system. An out-of-bounds write triggered by a use-after-free issue could lead to memory corruption or possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0465\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0465"
        ],
        "name": "CVE-2020-0465",
        "mitigation": {
            "value": "As the multitouch module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install hid-multitouch /bin/true\" >> /etc/modprobe.d/disable-hid-multitouch.conf\nThe system may need to be restarted if the hid-multitouch module is loaded. In most circumstances, a kernel modules will be unable to be unloaded while in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.",
            "A use-after-free flaw was found in the way OpenSSL imported malformed Elliptic Curve private keys. A specially crafted key file could cause an application using OpenSSL to crash when imported."
        ],
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.2a, openssl 1.0.0r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0209\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0209\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0209",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.",
            "It was discovered that the libcurl library failed to properly handle URLs with embedded end-of-line characters. An attacker able to make an application using libcurl access a specially crafted URL via an HTTP proxy could use this flaw to inject additional headers to the request or construct additional requests."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Andrey Labunets (Facebook) as the original reporter.",
        "upstream_fix": "libcurl 7.40.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8150\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8150\nhttp://curl.haxx.se/docs/adv_20150108B.html"
        ],
        "name": "CVE-2014-8150",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."
        ],
        "statement": "This issue affects the versions of unzip as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13232\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13232"
        ],
        "name": "CVE-2019-13232",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.",
            "A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 and 6 as they did use different memory allocation algorithm in swscanf() function.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1472\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1472"
        ],
        "name": "CVE-2015-1472",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki ISHIKAWA as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6792\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792"
        ],
        "name": "CVE-2020-6792",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2022-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA as the original reporter.",
        "upstream_fix": "Thunderbird 91.6.2, Firefox 97.0.2, Firefox ESR 91.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26485\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26485"
        ],
        "name": "CVE-2022-26485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-84",
        "details": [
            "Permission prompts for opening external schemes were only shown for <code>ContentPrincipals</code> resulting in extensions being able to open them without user interaction via <code>ExpandedPrincipals</code>. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nPermission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Vitor Torres as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25729\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25729\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25729"
        ],
        "name": "CVE-2023-25729",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
            "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution."
        ],
        "statement": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
        "upstream_fix": "expat 2.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-25315\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25315\nhttps://blog.hartwork.org/posts/expat-2-4-5-released/"
        ],
        "name": "CVE-2022-25315",
        "mitigation": {
            "value": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.",
            "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system  The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability."
        ],
        "upstream_fix": "kernel 5.13 rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33034\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33034\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl\nhttps://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
        ],
        "name": "CVE-2021-33034",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
            "A possible memory corruption due to a type confusion was found in the Linux kernel in the sk_clone_lock() function in the net/core/sock.c. The possibility of local escalation of privileges cannot be fully ruled out for a local unprivileged attacker."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9568\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9568"
        ],
        "name": "CVE-2018-9568",
        "mitigation": {
            "value": "The currently known attack vector uses IPv6 for exploitation. If IPv6 is not needed on the host, disabling it mitigates this attack vector. Please see https://access.redhat.com/solutions/8709 for instructions on how to disable IPv6 in Red Hat Enterprise Linux.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
            "A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker can execute arbitrary code on the system."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30762\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30762\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30762",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).",
            "A use-after-free vulnerability was found in the Linux kernel’s implementation of blktrace in the __blk_add_trace function. A local attacker with permissions to run block trace instructions against a device can create a situation where the core block_trace object is used after it is freed. The attacker can pre-groom memory to race this use-after-free to create a condition where the memory is corrupted and cause privilege escalation.\nThe ability to create this condition requires elevated privileges, and it has been decided that this change in Red Hat Enterprise Linux 5 and 6 would risk introducing possible regressions and will not be backported."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19768\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19768"
        ],
        "name": "CVE-2019-19768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786.",
            "It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the perf subsystem where the flaw was found is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6001\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6001"
        ],
        "name": "CVE-2017-6001",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo."
        ],
        "upstream_fix": "poppler 0.79",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9959\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9959"
        ],
        "name": "CVE-2019-9959",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and  21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22067\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22067"
        ],
        "name": "CVE-2023-22067",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-682",
        "details": [
            "The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.",
            "An information leak flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to leak portions of memory (possibly including private SSH keys) of a successfully authenticated OpenSSH client."
        ],
        "statement": "This issue does not affect the version OpenSSH as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue affects the version of OpenSSH as shipped with Red Hat Enterprise Linux 7 in a non-default configuration. For more information please refer to https://access.redhat.com/articles/2123781",
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0777\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0777\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://access.redhat.com/articles/2123781\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-0777",
        "mitigation": {
            "value": "1. The vulnerable roaming code can be permanently disabled by adding the\nundocumented option \"UseRoaming no\" to the system-wide configuration\nfile (usually /etc/ssh/ssh_config), or per-user configuration file\n(~/.ssh/config), or command-line (-o \"UseRoaming no\").\n2. If an OpenSSH client is disconnected from an SSH server that offers\nroaming, it prints \"[connection suspended, press return to resume]\" on\nstderr, and waits for '\\n' or '\\r' on stdin (and not on the controlling\nterminal) before it reconnects to the server; advanced users may become\nsuspicious and press Control-C or Control-Z instead, thus avoiding the\ninformation leak.\nHowever, SSH commands that use the local stdin to transfer data to the\nremote server are bound to trigger this reconnection automatically (upon\nreading a '\\n' or '\\r' from stdin). Moreover, these non-interactive SSH\ncommands (for example, backup scripts and cron jobs) commonly employ\npublic-key authentication and are therefore perfect targets for this\ninformation leak.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-03-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-311",
        "details": [
            "The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Several community reporters as the original reporter.",
        "upstream_fix": "thunderbird 115.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1936\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1936\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-11/#CVE-2024-1936"
        ],
        "name": "CVE-2024-1936",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph.",
            "An out of bounds read flaw related to \"graphite2::Silf::getClassGlyph\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7776\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7776\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7776",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.",
            "A flaw was found in the Linux kernel's skcipher component, which affects the skcipher_recvmsg function. Attackers using a specific input can lead to a privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, and kernel-alt packages.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and real-time kernels.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13215\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13215"
        ],
        "name": "CVE-2017-13215",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA type checking bug would have led to invalid code being compiled."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges P1umer and xmzyshypnc as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32211\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32211\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32211\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32211"
        ],
        "name": "CVE-2023-32211",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-821",
        "details": [
            "A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25730\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730"
        ],
        "name": "CVE-2023-25730",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Poppler before 0.70.0 has a NULL pointer dereference in _poppler_attachment_new when called from poppler_annot_file_attachment_get_attachment."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19149\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19149"
        ],
        "name": "CVE-2018-19149",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.",
            "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic."
        ],
        "acknowledgement": "Red Hat would like to thank Wen Xu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1092\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1092"
        ],
        "name": "CVE-2018-1092",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8101\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8101\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8101",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-835",
        "details": [
            "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.",
            "A flaw was found in python. In Lib/tarfile.py an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation."
        ],
        "statement": "A service is vulnerable if it uses python's tarfile module to open untrusted tar files. If an attacker is able to submit a crafted tar file to a service which uses the tarfile module to open it, an infinite loop will be executed, potentially causing a denial of service. The tarfile module is included with python.\nVersions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20907\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20907"
        ],
        "name": "CVE-2019-20907",
        "mitigation": {
            "value": "This flaw can be mitigated by not opening untrusted files with tarfile.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.",
            "A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
        ],
        "acknowledgement": "Upstream acknowledges Anonymous (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "libksba 1.6.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3515\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3515\nhttps://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html"
        ],
        "name": "CVE-2022-3515",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.",
            "A missing access control flaw was found in Samba. A remote, authenticated attacker could use this flaw to view the current snapshot on a Samba share, despite not having DIRECTORY_LIST access rights."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges partha@exablox.com as the original reporter.",
        "upstream_fix": "samba 4.3.3, samba 4.2.7, samba 4.1.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5299\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5299\nhttps://www.samba.org/samba/security/CVE-2015-5299.html"
        ],
        "name": "CVE-2015-5299",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users to write to arbitrary files via a symlink attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3149"
        ],
        "name": "CVE-2015-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcDbeSwapBuffers or (2) SProcDbeSwapBuffers function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server, or leak memory contents to the client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8097\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8097\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.",
            "A flaw was found in the Linux kernel's implementation of associative arrays introduced in 3.13. This functionality was backported to the 3.10 kernels in Red Hat Enterprise Linux 7. The flaw involved a null pointer dereference in assoc_array_apply_edit() due to incorrect node-splitting in assoc_array implementation.  This affects the keyring key type and thus key addition and link creation operations may cause the kernel to panic."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7,MRG-2 and realtime kernels. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Fan Wu (University of Hong Kong), Haoran Qiu (University of Hong Kong), Heming Cui (University of Hong Kong), and Shixiong Zhao (University of Hong Kong) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12193\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12193"
        ],
        "name": "CVE-2017-12193",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.",
            "A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10926\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10926"
        ],
        "name": "CVE-2018-10926",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "nscd: Null pointer crashes after notfound response\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference.  This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\nThis vulnerability is only present in the nscd binary.",
            "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit."
        ],
        "statement": "The flaw identified in the glibc netgroup cache constitutes a moderate severity issue due to its potential to trigger null pointer dereferences, leading to program crashes or exits. While null pointer dereferences can cause disruptions to system operations and possibly result in denial-of-service conditions, their impact is limited primarily to the affected process or application instance. However, the risk of exploitation may vary depending on the context of system usage. Systems that heavily rely on netgroup functionality may be more susceptible to exploitation, particularly if malicious actors can manipulate network traffic to trigger the vulnerability.\nThis issue affects the nscd RPM package and not the glibc RPM package itself. Affected components are tracked by their RPM source package, in this case, the nscd binary package is built from the glibc source package, hence the affected component is glibc.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-33600\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-33600"
        ],
        "name": "CVE-2024-33600",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2795"
        ],
        "name": "CVE-2018-2795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.",
            "It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Canonical for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1333\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1333"
        ],
        "name": "CVE-2015-1333",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-354",
        "details": [
            "A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan (@sourc7) as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26951\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26951\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"
        ],
        "name": "CVE-2020-26951",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.",
            "An issue was discovered in the Linux kernels Userspace Connection Manager Access for RDMA.  This could allow a local attacker to crash the system, corrupt memory or escalate privileges."
        ],
        "upstream_fix": "kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36385\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36385"
        ],
        "name": "CVE-2020-36385",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.",
            "A flaw was found in the way the mwifiex_cmd_append_vsie_tlv()  in Linux kernel's Marvell WiFi-Ex driver handled vendor specific information elements. A local user could use this flaw to escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12653\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12653"
        ],
        "name": "CVE-2020-12653",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kim Do Hun via Tor Browser as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4767\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4767"
        ],
        "name": "CVE-2024-4767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10349\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10349"
        ],
        "name": "CVE-2017-10349",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8608\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8608\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8608",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.",
            "It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security\nimpact. This issue is not currently planned to be addressed in future\nupdates of Enterprise Linux 6. For additional information, refer to\nthe Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5160\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5160"
        ],
        "name": "CVE-2015-5160",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: The garbage collector could have been aborted in several states and zones and GCRuntime::finishCollection may not have been called, leading to a use-after-free and potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45409\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45409\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45409\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45409"
        ],
        "name": "CVE-2022-45409",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.",
            "A flaw was found in Net-SNMP through version 5.73, where an Improper Privilege Management issue occurs due to SNMP WRITE access to the EXTEND MIB allows running arbitrary commands as root. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "net-snmp 5.8.1pre1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15862\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15862"
        ],
        "name": "CVE-2020-15862",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9660\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9660"
        ],
        "name": "CVE-2014-9660",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2757\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2757"
        ],
        "name": "CVE-2020-2757",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3139"
        ],
        "name": "CVE-2018-3139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.",
            "A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client."
        ],
        "upstream_fix": "samba 4.8.4, samba 4.6.16, samba 4.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10858\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10858\nhttps://www.samba.org/samba/security/CVE-2018-10858.html"
        ],
        "name": "CVE-2018-10858",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A flaw was found in Nettle, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "* Although Red Hat OpenStack's dibbler package bundles nettle, it does not include the flawed functionality and is therefore unaffected.",
        "acknowledgement": "Red Hat would like to thank Niels Möller for reporting this issue.",
        "upstream_fix": "nettle 3.7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20305\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20305\nhttps://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html"
        ],
        "name": "CVE-2021-20305",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.",
            "A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, Red Hat JBoss Web Server, and Red Hat JBoss Enterprise Application Platform. These products include httpd 2.2, and only httpd versions 2.4.6 through 2.4.9 include the vulnerable code.",
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0117\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0117\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for example the attacker could have tricked Thunderbird to show folders that didn't exist on the IMAP server. This vulnerability affects Thunderbird < 78.12."
        ],
        "upstream_fix": "thunderbird 78.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29969\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29969"
        ],
        "name": "CVE-2021-29969",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members reported memory safety bugs present in Firefox 73 and Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Byron Campen, Christian Holler, and Jason Kratzer as the original reporters.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6814\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6814\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814"
        ],
        "name": "CVE-2020-6814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code.",
            "A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18282\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18282"
        ],
        "name": "CVE-2019-18282",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-11-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.",
            "It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or the grub2 configuration file if the attacker has root privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5281\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5281"
        ],
        "name": "CVE-2015-5281",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.",
            "A double-free flaw was found in the way OpenSSL parsed certain malformed DSA (Digital Signature Algorithm) private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Adam Langley (Google/BoringSSL) as the original reporter.",
        "upstream_fix": "openssl 1.0.1s, openssl 1.0.2g",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0705"
        ],
        "name": "CVE-2016-0705",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.",
            "It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure."
        ],
        "upstream_fix": "glibc 2.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8776\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8776"
        ],
        "name": "CVE-2015-8776",
        "mitigation": {
            "value": "Check time values before they are passed to strftime, or call strftime only with struct tm values computed by gmtime or localtime.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.",
            "The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix\nthis issue have been shipped now.",
        "acknowledgement": "Red Hat would like to thank Nathan Williams for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8660\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8660"
        ],
        "name": "CVE-2015-8660",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Sutherland as the original reporter.",
        "upstream_fix": "thunderbird 78.7, firefox 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26976\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26976\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2020-26976"
        ],
        "name": "CVE-2020-26976",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8821\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8821",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c.",
            "A flaw was found in the Linux kernel's implementation of IPMI (remote baseband access). An attacker, with local access to read /proc/ioports, may be able to create a use-after-free condition when the kernel module is unloaded which may result in privilege escalation."
        ],
        "statement": "This flaw has been rated as \"Moderate\" as the attacker needs to be able to abuse this flaw in a very narrow race condition of the kernel module being unloaded. This scoring system from this flaw differentiates from other sources as the attacker must have a local account to be able to read the file (/proc/ioports) while the module is unloaded. None of the above actions are 'network facing' attack vectors.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11811"
        ],
        "name": "CVE-2019-11811",
        "mitigation": {
            "value": "A mitigation to this flaw would be to no longer use IPMI on affected hardware until the kernel has been updated. Existing systems that have IPMI kernel modules loaded will need to unload the \"ipmi_si\" kernel module and blacklist ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules). Take careful consideration that if unloading and blacklisting the module, this creates a one-time attack vector window for a local attacker.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kestrel as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0749\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0749\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0749\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0749"
        ],
        "name": "CVE-2024-0749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.",
            "A flaw was found in OpenLDAP. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.",
        "upstream_fix": "openldap 2.4.56",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25710\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25710\nhttps://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c"
        ],
        "name": "CVE-2020-25710",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10111"
        ],
        "name": "CVE-2017-10111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-642",
        "details": [
            "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",
            "It was discovered that CUPS allows non-root users to pass environment variables to CUPS backends. Affected backends use attacker-controlled environment variables without proper sanitization. A local attacker, who is part of one of the groups specified in the SystemGroups directive, could use the cupsctl binary to set SetEnv and PassEnv directives and potentially controls the flow of the affected backend, resulting in some cases in arbitrary code execution with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4180"
        ],
        "name": "CVE-2018-4180",
        "mitigation": {
            "value": "Do not add untrusted users to sys and root groups.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2678\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2678"
        ],
        "name": "CVE-2018-2678",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4844\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4844\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4844",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.",
            "It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the \"allow-transfer\" ACL."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6465\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6465\nhttps://kb.isc.org/docs/cve-2019-6465"
        ],
        "name": "CVE-2019-6465",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21291\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21291"
        ],
        "name": "CVE-2022-21291",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mikhail Oblozhikhin as the original reporter.",
        "upstream_fix": "thunderbird 68.11, thunderbird 78.1, firefox 68.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15652\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15652\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652"
        ],
        "name": "CVE-2020-15652",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8811\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8811",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable.",
            "It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8325\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8325"
        ],
        "name": "CVE-2015-8325",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1287",
        "details": [
            "By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5696\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5696\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5696\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5696"
        ],
        "name": "CVE-2024-5696",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5096\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5096\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096"
        ],
        "name": "CVE-2018-5096",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125->CWE-476",
        "details": [
            "The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.",
            "A NULL pointer dereference flaw was found in GStreamer's MPEG-TS parser. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9813\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9813"
        ],
        "name": "CVE-2016-9813",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.",
            "A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.",
        "upstream_fix": "dhcp 4.3.6-P1, dhcp 4.4.1, dhcp 4.1-ESV-R15-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5733\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5733\nhttps://kb.isc.org/article/AA-01567"
        ],
        "name": "CVE-2018-5733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having Moderate impact.",
        "acknowledgement": "Upstream acknowledges Jan-Niklas Sohn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2320\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2320\nhttps://www.zerodayinitiative.com/advisories/ZDI-22-963/"
        ],
        "name": "CVE-2022-2320",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12127\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12127"
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2601\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2601"
        ],
        "name": "CVE-2020-2601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
        ],
        "statement": "Since the 5.8.3 release, Red Hat CloudForms no longer uses libtomcrypt.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0495\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0495\nhttps://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
        ],
        "name": "CVE-2018-0495",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2637\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2637"
        ],
        "name": "CVE-2018-2637",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.",
            "It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine."
        ],
        "acknowledgement": "Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5011\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5011"
        ],
        "name": "CVE-2016-5011",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5441\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5441\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5441"
        ],
        "name": "CVE-2017-5441",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service.",
            "It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14661\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14661"
        ],
        "name": "CVE-2018-14661",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35586\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35586"
        ],
        "name": "CVE-2021-35586",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8597\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8597\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8597",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-01-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Qihoo 360 ATA as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 72.0.1, firefox 68.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17026\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17026\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026"
        ],
        "name": "CVE-2019-17026",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "An incorrect umask flaw during file or directory modification was found in the Linux kernel NFS (network file system) functionality, in the way a user creates and deletes objects using NFSv4.2 or newer while the NFS is simultaneously accessed by another process that is not using NFSv4.2. A user with access to the NFS could use this flaw to starve resources, causing a denial of service."
        ],
        "statement": "This flaw is rated as having Low impact because of the exploitation prerequisites and the fact that the attacker could only decrease the permissions of the file or directory.",
        "acknowledgement": "Red Hat would like to thank J. Bruce Fields (fieldses.org) for reporting this issue.",
        "upstream_fix": "kernel 4.17-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-35513\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35513\nhttps://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/"
        ],
        "name": "CVE-2020-35513",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.",
            "The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "upstream_fix": "kernel 4.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10675\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10675"
        ],
        "name": "CVE-2018-10675",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2633\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2633"
        ],
        "name": "CVE-2018-2633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-284",
        "details": [
            "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.",
            "It was found that the libcurl library did not correctly handle partial literal IP addresses when parsing received HTTP cookies. An attacker able to trick a user into connecting to a malicious server could use this flaw to set the user's cookie to a crafted domain, making other cookie-related issues easier to exploit."
        ],
        "statement": "This issue affects the versions of curl as shipped with Red Hat Enterprise Linux 5 and is not planned to be corrected in future updates.\nInktank Ceph Enterprise 1.1 and 1.2 receives only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Inktank Ceph Enterprise Support Matrix:\nhttp://www.inktank.com/enterprise/support/",
        "acknowledgement": "Red Hat would like to thank cURL project for reporting this issue. Upstream acknowledges Tim Ruehsen as the original reporter.",
        "upstream_fix": "curl 7.38.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3613\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3613\nhttp://curl.haxx.se/docs/adv_20140910A.html"
        ],
        "name": "CVE-2014-3613",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOn arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.10, firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31740\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740"
        ],
        "name": "CVE-2022-31740",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.",
            "A stack buffer overflow issue was found in the get_raw_socket() routine of the Host kernel accelerator for virtio net (vhost-net) driver. It could occur while doing an ioctl(VHOST_NET_SET_BACKEND) call, and retrieving socket name in a kernel stack variable via get_raw_socket(). A user able to perform ioctl(2) calls on the '/dev/vhost-net' device may use this flaw to crash the kernel resulting in DoS issue."
        ],
        "statement": "This issue does not affect the kernel package as shipped with the Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the kernel package as shipped with the Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\nIt is rated to have Low impact because it is quite difficult/unlikely to be triggered by a guest (or even host) user. In case it does happen, like in the upstream report, the stack overflow shall hit the stack canaries, resulting in DoS by crashing the kernel.",
        "upstream_fix": "kernel 5.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10942\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10942"
        ],
        "name": "CVE-2020-10942",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.",
            "An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4553\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4553\nhttp://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
        ],
        "name": "CVE-2016-4553",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.",
            "It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5008\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5008"
        ],
        "name": "CVE-2016-5008",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.",
            "A flaw was found in Python. The built-in modules httplib and http.client (included in Python 2 and Python 3, respectively) do not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation to the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity."
        ],
        "statement": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 3.8.5, python 3.7.9, python 3.6.12, python 3.5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26116\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26116\nhttps://python-security.readthedocs.io/vuln/http-header-injection-method.html"
        ],
        "name": "CVE-2020-26116",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.",
            "A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication."
        ],
        "upstream_fix": "openssl 1.0.2e, openssl 1.0.1q",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3194\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3194",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.",
            "An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Carl Henrik Lunde for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9584\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9584"
        ],
        "name": "CVE-2014-9584",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
            "The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9075\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9075"
        ],
        "name": "CVE-2017-9075",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-20T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.",
            "A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
        ],
        "statement": "Red Hat Enterprise Linux 6, 7 are not affected by this flaw as it only affects glusterfs-server package. Red Hat Virtualization Hypervisor is not impacted by this flaw, as it uses gluster in a controlled manner via vdsm.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10841\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10841"
        ],
        "name": "CVE-2018-10841",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-839",
        "details": [
            "The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record.",
            "An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8484\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8484"
        ],
        "name": "CVE-2014-8484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state.",
            "It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and MRG-2. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This flaw may affect multiple containers running on this system. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5986\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5986"
        ],
        "name": "CVE-2017-5986",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them."
        ],
        "upstream_fix": "tomcat 8.0.50, tomcat 8.5.28, tomcat 7.0.85",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1305\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1305\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28"
        ],
        "name": "CVE-2018-1305",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10345\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10345"
        ],
        "name": "CVE-2017-10345",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1930\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1930\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-01.html"
        ],
        "name": "CVE-2016-1930",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).",
            "A flaw was found in rsync that is triggered by a victim rsync user/client connecting to a malicious rsync server. The server can copy and overwrite arbitrary files in the client's rsync target directory and subdirectories. This flaw allows a malicious server, or in some cases, another attacker who performs a man-in-the-middle attack, to potentially overwrite sensitive files on the client machine, resulting in further exploitation."
        ],
        "acknowledgement": "Red Hat would like to thank Ege BALCI (PRODAFT Cyber Security Technologies INC) for reporting this issue.",
        "upstream_fix": "rsync 3.2.5pre1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29154\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29154\nhttps://www.openwall.com/lists/oss-security/2022/08/02/1"
        ],
        "name": "CVE-2022-29154",
        "mitigation": {
            "value": "Only connecting to trusted Rsync servers over trusted channels would help to mitigate this flaw.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.",
            "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32067\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32067\nhttps://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc"
        ],
        "name": "CVE-2023-32067",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.",
            "A flaw was found in several functions of the IPMItool, where it failed to check data received from a LAN properly. An attacker could use this flaw to craft payloads, which can lead to a buffer overflow and also cause memory corruption, a denial of service, and remote code execution."
        ],
        "statement": "The ipmitool package distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The stack canary generated by this feature helps mitigating any remote code execution attacks for this flaw.",
        "upstream_fix": "ipmitool 1.8.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5208\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5208\nhttps://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp"
        ],
        "name": "CVE-2020-5208",
        "mitigation": {
            "value": "There's no mitigation available for this issue, although a few actions help to reduce the attack risk:\n1) Avoid to run `ipmitool` as privileged user;\n2) Avoid to run `ipmitool` against non-trusted IPMI-enabled devices;",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "An improper access control flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow a privileged user to enable escalation of privilege via local access."
        ],
        "statement": "Please contact your OEM support group to obtain the correct driver version.",
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40964\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40964\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-40964",
        "mitigation": {
            "value": "UEFI firmware to version 3.2.20.23023 (includes versions 2.2.20.23023 and 1.2.20.23023)or later.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4577\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4577\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577"
        ],
        "name": "CVE-2023-4577",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14792\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14792"
        ],
        "name": "CVE-2020-14792",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-12-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.6",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.",
            "A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6.\nThis issue does affect Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases will address this issue.\nIn a default or common use of Red Hat Enterprise Linux 7 this issue does not allow an unprivileged local user elevate their privileges on the system.\nIn order to exploit this issue the attacker needs CAP_NET_RAW capability, which needs to be granted by the administrator to the attacker's account. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8655\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8655"
        ],
        "name": "CVE-2016-8655",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.7, firefox 91.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26381\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26381\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381"
        ],
        "name": "CVE-2022-26381",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.  This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver.  This issue could allow an attacker to perform remote code execution and sandbox escape."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges DoHyun Lee as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6856\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6856\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856"
        ],
        "name": "CVE-2023-6856",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-434",
        "details": [
            "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
            "A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21350\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21350"
        ],
        "name": "CVE-2021-21350",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1839\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1839"
        ],
        "name": "CVE-2016-1839",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment.",
            "A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the host, resulting in a Denial of Service or potentially executing arbitrary code with privileges of the QEMU process."
        ],
        "statement": "Red Hat OpenStack Platform:                                                                                                                 \n* This flaw impacts KVM user-mode or SLIRP networking, which is not used in Red Hat OpenStack Platform. Although updating is recommended for affected versions (see below), Red Hat OpenStack Platform environments are not vulnerable.\n* Because the flaw's impact is Low, it will not be fixed in Red Hat OpenStack Platform 9 which is retiring within a few weeks of the flaw's public date.",
        "acknowledgement": "Red Hat would like to thank Vishnu Dev for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14378\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14378"
        ],
        "name": "CVE-2019-14378",
        "mitigation": {
            "value": "There is no external mitigation to prevent this out-of-bounds heap memory access.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
            "A flaw was found in the pip package installer for Python when downloading or installing a remote package via a specified URL. Improper validation of the \"Content-Disposition\" HTTP response header makes a path traversal attack possible, leading to an arbitrary file overwrite. This flaw allows an attacker who controls a malicious server to execute arbitrary code on the system."
        ],
        "statement": "This issue has been rated as having Moderate impact because of the preconditions needed to trigger the flaw: it only affects Python Wheels and requires the user to pip-install a wheel from a malicious server. Installing software from untrusted servers is insecure by definition and strongly discouraged, as it may lead to system compromise regardless of this CVE.\nThis flaw did not affect the versions of `python-pip` in Python 3.8 as shipped with Red Hat Enterprise Linux 8 and Red Hat Software Collections 3, as they already included the fix for this CVE.",
        "upstream_fix": "python-pip 19.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20916\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20916"
        ],
        "name": "CVE-2019-20916",
        "mitigation": {
            "value": "Avoid downloading or installing packages from potentially malicious servers via the command-line \"pip download\" or \"pip install\".",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2983\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2983"
        ],
        "name": "CVE-2019-2983",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue."
        ],
        "statement": "Please see the Vulnerability Response article for the full list of updates available and a detailed discussion of this issue.\nMeltdown patches for 32-bit Red Hat Enterprise Linux 5\n------------------------------------------------------\nRed Hat has no current plans to provide mitigations for the Meltdown vulnerability in 32-bit Red Hat Enterprise Linux 5 environments.\nFollowing many hours of engineering investigation and analysis, Red Hat has determined that introducing changes to the Red Hat Enterprise Linux 5 environment would destabilize customer deployments and violate our  application binary interface (ABI) and kernel ABI commitments to customers who rely on Red Hat Enterprise Linux 5 to be absolutely stable.\nAlthough Red Hat has delivered patches to mitigate the Meltdown vulnerability in other supported product offerings, the 32-bit Red Hat Enterprise Linux 5 environment presents unique challenges.  The combination of limited address space in 32-bit environments plus the mechanism for passing control from the userspace to kernel and limitations on the stack during this transfer make the projected changes too invasive and disruptive for deployments that require the highest level of system stability.  By contrast, 32-bit Meltdown mitigations have been delivered for Red Hat Enterprise Linux 6, where the changes are far less invasive and risky.",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5754\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5754\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5754"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.",
            "A buffer overflow flaw was found in the way the Minibox PicoLCD driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise\nLinux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3186\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3186"
        ],
        "name": "CVE-2014-3186",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.4, firefox 102.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42932\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42932\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42932\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42932"
        ],
        "name": "CVE-2022-42932",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications.",
            "It has been discovered that the mod_session module of Apache HTTP Server (httpd), through version 2.4.29, has an improper input validation flaw in the way it handles HTTP session headers in some configurations. A remote attacker may influence their content by using a \"Session\" header."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include mod_session module.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1283\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1283"
        ],
        "name": "CVE-2018-1283",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2010-09-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option."
        ],
        "upstream_fix": "jQuery UI 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5312"
        ],
        "name": "CVE-2010-5312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4770\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4770\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4770\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4770"
        ],
        "name": "CVE-2024-4770",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41."
        ],
        "upstream_fix": "nss 3.36.6, nss 3.40.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12404\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12404"
        ],
        "name": "CVE-2018-12404",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.",
            "A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8666"
        ],
        "name": "CVE-2016-8666",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14796\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14796"
        ],
        "name": "CVE-2020-14796",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs \"git clone --recurse-submodules\" because submodule \"names\" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with \"../\" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server."
        ],
        "statement": "This issue did not affect the versions of git as shipped with Red Hat Enterprise Linux 6 as they did not include the vulnerable code.\nIf using OCP 3.6 make sure atomic-openshift-3.6.173.0.128-1.git.0.8da0828.el7 or later is installed on the master.",
        "upstream_fix": "git 2.13.7, git 2.15.2, git 2.16.4, git 2.17.1, git 2.14.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11235\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11235\nhttps://www.edwardthomson.com/blog/upgrading_git_for_cve2018_11235.html"
        ],
        "name": "CVE-2018-11235",
        "mitigation": {
            "value": "Don't create OCP source-to-image applications from source code repositories hosted by untrusted parties. Github is blocking users from pushing repositories with malicious submodules so it's less likely you can pull a malicious repository from there which triggers this vulnerability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service.",
            "An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVM_GET_EMULATED_CPUID' ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulting in a denial of service."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19332\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19332\nhttps://lore.kernel.org/kvm/000000000000ea5ec20598d90e50@google.com/\nhttps://www.openwall.com/lists/oss-security/2019/12/16/1"
        ],
        "name": "CVE-2019-19332",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
            "Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash."
        ],
        "statement": "This flaw only affects applications which are compiled with OpenSSL and using  EVP_CipherUpdate, EVP_EncryptUpdate or EVP_DecryptUpdate functions. When specially-crafted values are passed to these functions, it can cause the application to crash or behave incorrectly.\nOpenSSL in Red Hat Enterprise Linux 9 was marked as not affected as its already fixed in RHEL9 Alpha release.",
        "upstream_fix": "openssl 1.1.1j, openssl 1.0.2y",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23840\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23840\nhttps://www.openssl.org/news/secadv/20210216.txt"
        ],
        "name": "CVE-2021-23840",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before version Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
            "Null pointer reference in some Intel(R) Graphics Drivers for Microsoft Windows and the Linux kernel may allow a privileged user to potentially enable a denial of service via local access."
        ],
        "statement": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12364\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12364\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "name": "CVE-2020-12364",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-312",
        "details": [
            "If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jurgen Gaeremyn as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6794\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6794\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794"
        ],
        "name": "CVE-2020-6794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-273",
        "details": [
            "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.",
            "A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privileges, potentially leading to local privilege escalation."
        ],
        "statement": "Neither the `AuthorizedKeysCommand` directive nor `AuthorizedPrincipalsCommand` are enabled by default in the versions of OpenSSH as shipped with Red Hat Enterprise Linux 7 and 8.",
        "upstream_fix": "openssh 8.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41617\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41617\nhttps://www.openssh.com/txt/release-8.8"
        ],
        "name": "CVE-2021-41617",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
        ],
        "statement": "This issue affects the versions of polkit as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of polkit as shipped with Red Hat Virtualization 4. System users beyond those created at installation time are typically not used in Red Hat Virtualization Hypervisor or Management Appliance hosts, nor is there any opportunity to accidentally or maliciously create a user with a dangerous uid/gid on these systems under normal operation. For Red Hat Virtualization, this vulnerability has been rated as having a security impact of Low. Future updates may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19788\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19788"
        ],
        "name": "CVE-2018-19788",
        "mitigation": {
            "value": "Do not allow negative UIDs or UIDs greater than 2147483647.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt the virtual machine's memory and completely bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5582\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5582\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5582",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.",
            "A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1782\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1782\nhttp://www.libssh2.org/adv_20150311.html"
        ],
        "name": "CVE-2015-1782",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.",
            "It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group."
        ],
        "acknowledgement": "This issue was discovered by Hubert Kario (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8635\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8635"
        ],
        "name": "CVE-2016-8635",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.",
            "A microprocessor side-channel vulnerability was found on SMT (e.g., Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information."
        ],
        "statement": "This is a timing side-channel flaw on processors which implement SMT/Hyper-Threading architectures. It can result in leakage of secret data in applications such as OpenSSL that have secret-dependent control flow at any granularity level. In order to exploit this flaw, the attacker needs to run a malicious process on the same core of the processor as the victim process.",
        "acknowledgement": "Red Hat would like to thank Alejandro Cabrera Aldaya (Universidad Tecnologica de la Habana CUJAE; Cuba), Billy Bob Brumley, Cesar Pereida Garcia, Nicola Tuveri (Tampere University of Technology; Finland), and Sohaib ul Hassan for reporting this issue.",
        "upstream_fix": "openssl 1.1.0i, openssl 1.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5407\nhttps://github.com/bbbrumley/portsmash\nhttps://www.openssl.org/news/secadv/20181112.txt"
        ],
        "name": "CVE-2018-5407",
        "mitigation": {
            "value": "At this time Red Hat Engineering is working on patches for the openssl package in Red Hat Enterprise Linux 7 to address this issue. Until fixes are available, users are advised to review the guidance supplied in the L1 Terminal Fault vulnerability article: https://access.redhat.com/security/vulnerabilities/L1TF and decide what their exposure across shared CPU threads is and act accordingly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.",
            "It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000380\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000380"
        ],
        "name": "CVE-2017-1000380",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDuring the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 115.0.1, firefox 115.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3600\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3600\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3600"
        ],
        "name": "CVE-2023-3600",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIncorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. This issue only affects 32-bit ARM devices."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1552\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1552\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1552\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1552"
        ],
        "name": "CVE-2024-1552",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in libwebp. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
        "upstream_fix": "libwebp 1.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36329\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36329"
        ],
        "name": "CVE-2020-36329",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45406\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406"
        ],
        "name": "CVE-2022-45406",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks.",
            "A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory."
        ],
        "upstream_fix": "samba 4.4.10, samba 4.5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9461\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9461"
        ],
        "name": "CVE-2017-9461",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThere was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3302\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3302\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3302\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3302"
        ],
        "name": "CVE-2024-3302",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-12-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.",
            "A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body."
        ],
        "upstream_fix": "tomcat 9.0.0.M15, tomcat 6.0.50, tomcat 8.5.9, tomcat 7.0.75, tomcat 8.0.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8745\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8745\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.49\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.74\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.40\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.9"
        ],
        "name": "CVE-2016-8745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1762\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1762"
        ],
        "name": "CVE-2016-1762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.",
            "A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service."
        ],
        "statement": "This CVE is assigned against an incomplete fix of CVE-2021-3514.",
        "acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2850\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2850"
        ],
        "name": "CVE-2022-2850",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7498\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7498"
        ],
        "name": "CVE-2015-7498",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function."
        ],
        "upstream_fix": "mod_auth_mellon 0.14.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3877\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3877"
        ],
        "name": "CVE-2019-3877",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might subsequently attempt to use the invalid subkey, and will fail to send encrypted email to Alice. This vulnerability affects Thunderbird < 78.9.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "thunderbird 78.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23991\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23991"
        ],
        "name": "CVE-2021-23991",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork.",
            "An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel. A denial of service due to the NULL pointer dereference can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork."
        ],
        "upstream_fix": "kernel 4.18-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13095\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13095"
        ],
        "name": "CVE-2018-13095",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-10-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding.  NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
            "A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers."
        ],
        "statement": "This issue affects the versions of the httpd package as shipped with Red Hat JBoss Enterprise Application Platform 6; and Red Hat JBoss Web Server 2. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Certificate System does not use the mod_headers module, even when installed, and is thus not affected by this flaw.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat JBoss Enterprise Application Platform 5 and Red Hat JBoss Web Server 1 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "httpd 2.4.11, httpd 2.2.29",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-5704\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-5704"
        ],
        "name": "CVE-2013-5704",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-428",
        "details": [
            "When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43541\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43541"
        ],
        "name": "CVE-2021-43541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The plain text serializer used a fixed-size array for the number of <ol> elements it could process; however it was possible to overflow the static-sized array leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mirko Brodesser as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17005\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17005\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17005"
        ],
        "name": "CVE-2019-17005",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-457",
        "details": [
            "When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen reading a file, an uninitialized value could have been used as read limit."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32213\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32213\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213"
        ],
        "name": "CVE-2023-32213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",
            "A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS)."
        ],
        "acknowledgement": "This issue was discovered by Alex Williamson (Red Hat Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3882\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3882"
        ],
        "name": "CVE-2019-3882",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "A flaw was found in Mozilla Firefox and Thunderbird. When running shutdown code for Web Worker, a race condition occurs leading to a use-after-free memory flaw that could lead to an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12387\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387"
        ],
        "name": "CVE-2020-12387",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A file URL may be incorrectly processed."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3885\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3885\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3885",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "It was found that the fix for CVE-2018-14648 in 389-ds-base, versions 1.4.0.x before 1.4.0.17, was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service.",
            "It was found that the fix for CVE-2018-14648 was incorrectly applied in RHEL 7.5. An attacker would still be able to provoke excessive CPU consumption leading to a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10171\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10171"
        ],
        "name": "CVE-2019-10171",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in an integer overflow triggering a heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000876\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000876"
        ],
        "name": "CVE-2018-1000876",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",
            "A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9401\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9401"
        ],
        "name": "CVE-2016-9401",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a 4-way handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13078\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13078\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13078",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.  NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
            "It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "upstream_fix": "httpd 2.2.32, httpd 2.4.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5387\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5387\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\nhttps://httpoxy.org/\nhttps://www.apache.org/security/asf-httpoxy-response.txt"
        ],
        "csaw": true,
        "name": "CVE-2016-5387"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1173",
        "details": [
            "The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird < 91.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of the parent process not properly checking whether the Speech Synthesis feature is enabled when receiving instructions from a child process."
        ],
        "upstream_fix": "thunderbird 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29913\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29913"
        ],
        "name": "CVE-2022-29913",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.",
            "A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash."
        ],
        "upstream_fix": "openssl 1.0.1q, openssl 0.9.8zh, openssl 1.0.2e, openssl 1.0.0t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3195\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3195\nhttps://openssl.org/news/secadv/20151203.txt"
        ],
        "name": "CVE-2015-3195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476->CWE-665",
        "details": [
            "The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished.",
            "A NULL pointer dereference flaw was found in the SCTP implementation. A local user could use this flaw to cause a denial of service on the system by triggering a kernel panic when creating multiple sockets in parallel while the system did not have the SCTP module loaded."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and 7. Due to the limited security impact the issue is currently not planned to be addressed in Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5283\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5283"
        ],
        "name": "CVE-2015-5283",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6805\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6805\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805"
        ],
        "name": "CVE-2020-6805",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
            "A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags, this will return without calling storeRawNames to ensure that the raw versions of the tag names are stored in memory other than the parse buffer itself. If the parse buffer is changed or reallocated (for example, if processing a file line by line), problems occur. Using this vulnerability in the doContent function allows an attacker to trigger a denial of service or potentially arbitrary code execution."
        ],
        "statement": "This flaw is rated as important because this flaw can easily compromise the confidentiality, integrity, or availability of resources but a successful attack can not execute arbitrary code, or allow remote users to cause a denial of service because attack complexity is high and depends on conditions beyond the attacker's control.",
        "upstream_fix": "expat 2.4.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40674\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40674\nhttps://blog.hartwork.org/posts/expat-2-4-9-released/\nhttps://github.com/advisories/GHSA-2vq2-xc55-3j5m"
        ],
        "name": "CVE-2022-40674",
        "mitigation": {
            "value": "There is no known mitigation other than restricting applications using the expat library from processing XML content. Please update the affected packages as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-06-01T12:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-347->CWE-345",
        "details": [
            "Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.",
            "An XML Signature Wrapping (XSW) vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability."
        ],
        "statement": "Lasso is provided in Red Hat Enterprise Linux 7, and 8 only as a dependency of mod_auth_mellon, without development files. The way mod_auth_mellon uses Lasso makes it not vulnerable to this flaw, because SAML responses are additionally validated to have exactly one assertion, thus it is not possible for an attacker to include an unsigned SAML assertion after a signed valid one. For this reason this flaw has been rated as Moderate on Red Hat Enterprise Linux 8.\nRed Hat Enterprise Linux 7 also provides a lasso-python package that can be used to create python applications that use Lasso, however Red Hat only ships ipsilon which uses it. Ipsilon does not use the vulnerable functions of Lasso. Considering the presence of lasso-python in Red Hat Enterprise Linux 7, this flaw has been rated as Important there.",
        "upstream_fix": "lasso 2.7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-28091\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28091\nhttps://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html"
        ],
        "name": "CVE-2021-28091",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8683\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8683\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8683",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Kohlbrenner as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5407\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407"
        ],
        "name": "CVE-2017-5407",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5459\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5459\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5459"
        ],
        "name": "CVE-2017-5459",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.",
            "A flaw was found in the way Samba handled ACLs on symbolic links. An authenticated user could use this flaw to gain access to an arbitrary file or directory by overwriting its ACL."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jeremy Allison (Google) and the Samba team as the original reporters.",
        "upstream_fix": "samba 4.3.6, samba 4.1.23, samba 4.4.0rc4, samba 4.2.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7560\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7560\nhttps://www.samba.org/samba/security/CVE-2015-7560.html"
        ],
        "name": "CVE-2015-7560",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8680\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8680\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8680",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.",
            "A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion."
        ],
        "acknowledgement": "This issue was discovered by Simo Sorce (Red Hat).",
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8631\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8631"
        ],
        "name": "CVE-2015-8631",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",
            "In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the version of Linux kernel package as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000004\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000004"
        ],
        "name": "CVE-2018-1000004",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-201",
        "details": [
            "Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12372\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12372"
        ],
        "name": "CVE-2018-12372",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5102\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5102\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102"
        ],
        "name": "CVE-2018-5102",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8743\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8743\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-918",
        "details": [
            "A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network."
        ],
        "statement": "Impact of the flaw set to Important because the actions an attacker can do vary a lot based on the kind of infrastructure in place, the kind of internal services and resources, and the available endpoints on those services. The attacker should also perform some kind of target-specific reconnaissance in order to find out all the above information.\nThe version of httpd as shipped in Red Hat Enterprise Linux 7 is affected by this flaw even if the upstream code was not, because the Unix Domain Socket support required to trigger the flaw was backported.\nThe version of httpd as shipped in Red Hat Enterprise Linux 6 is not affected by this flaw because there is no support for Unix Domain Socket.\nThe flaw can be triggered only if mod_proxy is in use (e.g. ProxyPass, ReverseProxy is used in the httpd configuration files).",
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-40438\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40438"
        ],
        "name": "CVE-2021-40438",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7210\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7210\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-138.html"
        ],
        "name": "CVE-2015-7210",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.",
            "A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly leading to privilege escalation or a system crash."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5829\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5829"
        ],
        "name": "CVE-2016-5829",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.",
            "It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo."
        ],
        "acknowledgement": "Red Hat would like to thank Grisha Levit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7091\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7091"
        ],
        "name": "CVE-2016-7091",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-682->CWE-130",
        "details": [
            "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to a buffer overrun. The highest threat from this vulnerability is to availability."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-45960\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45960\nhttps://github.com/libexpat/libexpat/issues/531"
        ],
        "name": "CVE-2021-45960",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T09:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in the Linux kernel. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt.  This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "Only local users, including unprivileged users in a container, can trigger this flaw. However, the impact could be high, especially on multi-tenant systems, because after the attack the system is rendered inaccessible for some time (at least until reboot), so the impact has been increased to Important.",
        "acknowledgement": "Red Hat would like to thank Dr. David Alan Gilbert (redhat.com) for reporting this issue.",
        "upstream_fix": "Linux kernel 5.9-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14385\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14385\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f4020438fab05364018c91f7e02ebdd192085933"
        ],
        "name": "CVE-2020-14385",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "Previously Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory. This bug only affects Firefox for macOS and Linux. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 91.7 and Thunderbird < 91.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory."
        ],
        "upstream_fix": "thunderbird 91.7, firefox 91.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26386\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386"
        ],
        "name": "CVE-2022-26386",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.",
            "A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly."
        ],
        "statement": "Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key, only network access to the control channel’s configured TCP port is necessary.",
        "upstream_fix": "bind 9.16.44, bind 9.18.19, bind 9.19.17, bind 9.16.44-S1, bind 9.18.19-S1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3341\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3341"
        ],
        "name": "CVE-2023-3341",
        "mitigation": {
            "value": "By default, named only allows control-channel connections over the loopback interface, making this attack impossible to carry out over the network. When enabling remote access to the control channel’s configured TCP port, care should be taken to limit such access to trusted IP ranges on the network level, effectively preventing unauthorized parties from carrying out the attack described in this advisory.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.",
            "A flaw was found in freerdp in versions prior to version 2.0.0-rc4. An integer truncation that leads to a heap-based buffer overflow in the update_read_bitmap_update() function results in a memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8786\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8786"
        ],
        "name": "CVE-2018-8786",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.",
            "A vulnerability was found in HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks."
        ],
        "upstream_fix": "harfbuzz 7.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25193\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25193"
        ],
        "name": "CVE-2023-25193",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP address via vectors involving a crafted web site that leverages file:// mishandling in Firefox, aka TorMoil. NOTE: Tails is unaffected.",
            "Firefox proxy settings can be bypassed by using the automount feature with autofs to create a mount point on the local file system. Content can be loaded from this mounted file system directly using a `file:` URI, bypassing configured proxy settings. This issue only affects OS X in default configuration; on Linux systems, autofs must also be installed for the vulnerability to occur."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird, as scripting is disabled for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16541\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16541\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541"
        ],
        "name": "CVE-2017-16541",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.",
            "A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9444\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9444\nhttps://kb.isc.org/article/AA-01441"
        ],
        "name": "CVE-2016-9444",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.",
            "A flaw was found in the log4j 1.x chainsaw component, where the contents of certain log entries are deserialized and possibly permit code execution. This flaw allows an attacker to send a malicious request with serialized data to the server to be deserialized when the chainsaw component is run."
        ],
        "statement": "Chainsaw is a standalone graphical user interface for viewing log entries in log4j. This flaw may be bypassed by using other available means to access log entries.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\nRed Hat Virtualization ships a vulnerable version of the log4j package, however chainsaw is not part of typical use cases. An attacker looking to exploit this would need to not only be able to generate a malicious log entry, but also have the necessary access and permissions to start chainsaw on the engine node. Therefore the impact of this vulnerability for Red Hat Virtualization is rated Low.\nSimilar to Red Hat Virtualization in OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of log4j package, however vulnerable chainsaw component is not used by default. Therefore the impact to OCP is reduced to Low.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23307\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23307\nhttps://www.openwall.com/lists/oss-security/2022/01/18/5"
        ],
        "name": "CVE-2022-23307",
        "mitigation": {
            "value": "These are the mitigations available for this flaw for log4j 1.x:\n- Avoid using Chainsaw to view logs, and instead use some other utility, especially if there is a log view available within the product itself.\n- Remove the Chainsaw classes from the log4j jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/chainsaw/*\n```\n(log4j jars may be nested in zip archives within product)",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3231\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3231"
        ],
        "name": "CVE-2017-3231",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4860\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4860\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4860",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4882\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4882\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4882",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6867\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6867\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6867"
        ],
        "name": "CVE-2023-6867",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.",
            "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "This issue was discovered by Peter Hutterer (Red Hat).",
        "upstream_fix": "xorg-server 21.1.10, xwayland 23.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6478\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6478\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632\nhttps://lists.x.org/archives/xorg-announce/2023-December/003435.html"
        ],
        "name": "CVE-2023-6478",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "upstream_fix": "thunderbird 78.7, firefox 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23953\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23953\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23953"
        ],
        "name": "CVE-2021-23953",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.",
            "It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8710\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8710"
        ],
        "name": "CVE-2015-8710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3861\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3861\nhttps://www.libssh2.org/CVE-2019-3861.html"
        ],
        "name": "CVE-2019-3861",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges SophosLabs Offensive Security team as the original reporter.",
        "upstream_fix": "firefox 79, firefox 78.1, thunderbird 78.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15654\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654"
        ],
        "name": "CVE-2020-15654",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8558\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8558"
        ],
        "name": "CVE-2019-8558",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.",
            "A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libxml2.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1819\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1819"
        ],
        "name": "CVE-2015-1819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The mountpoint_last function in fs/namei.c in the Linux kernel before 3.15.8 does not properly maintain a certain reference count during attempts to use the umount system call in conjunction with a symlink, which allows local users to cause a denial of service (memory consumption or use-after-free) or possibly have unspecified other impact via the umount program.",
            "A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation."
        ],
        "statement": "This issue does not affect Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5 and Red Hat Enterprise MRG 2.\nFuture Linux kernel updates for Red Hat Enterprise Linux 6 and 7 may address\nthis issue.",
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Parallels) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5045\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5045"
        ],
        "name": "CVE-2014-5045",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.",
            "A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options."
        ],
        "upstream_fix": "git 2.8.5, git 2.5.6, git 2.4.12, git 2.11.2, git 2.9.4, git 2.12.3, git 2.10.3, git 2.6.7, git 2.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8386\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8386"
        ],
        "name": "CVE-2017-8386",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.",
            "A vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on a negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2.\nFuture Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12192\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12192\nhttp://seclists.org/oss-sec/2017/q4/63"
        ],
        "name": "CVE-2017-12192",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8601\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8601\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8601",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552->CWE-200",
        "details": [
            "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.",
            "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3811"
        ],
        "name": "CVE-2019-3811",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.",
            "A flaw was found in the way the Linux kernel implemented a software flush of the Count Cache (indirect branch cache) and Link (Return Address) Stack on the PowerPC platform. The flushing of these structures helps to prevent SpectreRSB like attacks which may leak information from one user process to another. An unprivileged user could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects versions of the kernel package as shipped with Red Hat Enterprise Linux 6, 7 and 8. Future kernel updates for Red Hat Enterprise Linux 6, 7 and 8 may address this issue.\nThis issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18660\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18660"
        ],
        "name": "CVE-2019-18660",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When a device was changed while a stream was about to be destroyed, the <code>stream-reinit</code> task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a device was changed while a stream was about to be destroyed, the `stream-reinit` task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges C.M.Chang as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6807\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6807\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807"
        ],
        "name": "CVE-2020-6807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.",
            "A flaw was found in the way documents were loaded via resource URLs in, for example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0816\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0816\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-33.html"
        ],
        "name": "CVE-2015-0816",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2756\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2756"
        ],
        "name": "CVE-2020-2756",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.",
            "It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0181\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0181"
        ],
        "name": "CVE-2014-0181",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1840\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1840"
        ],
        "name": "CVE-2016-1840",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.",
            "A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3718\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3718"
        ],
        "name": "CVE-2016-3718",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-159",
        "details": [
            "When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Trung Pham as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29539\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29539\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29539"
        ],
        "name": "CVE-2023-29539",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7941\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7941"
        ],
        "name": "CVE-2015-7941",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5312"
        ],
        "name": "CVE-2015-5312",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A vulnerability while parsing \"application/http-index-format\" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5445\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5445\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5445"
        ],
        "name": "CVE-2017-5445",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.",
            "A use-after-free flaw was found in the Xpointer implementation of libxml2. An attacker could use this flaw against an application parsing untrusted XML files and compiled with libxml2 to leak small amount of memory data."
        ],
        "statement": "This flaw can be triggered by parsing untrusted XML files via applications compiled with libxml2 causing the application to crash. For web browsers or browser like applications, which parse untrusted web content, it may be possible to trigger this flaw without any user intervention and cause remote code execution with the permissions of the user running the browser. For other applications this flaw is difficult to trigger and even difficult to exploit in real life situations.\nThe status of mingw-libxml2 package in RHEL-8 is marked as \"not-affected\" because it does not impact end-users.",
        "upstream_fix": "libxml2 2.9.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4658\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4658"
        ],
        "name": "CVE-2016-4658",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3738\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3738\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3738",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.",
            "Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3705\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3705"
        ],
        "name": "CVE-2016-3705",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9200\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9200"
        ],
        "name": "CVE-2019-9200",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14779\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14779"
        ],
        "name": "CVE-2020-14779",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of crafted keymap files."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15856\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15856"
        ],
        "name": "CVE-2018-15856",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.",
            "A race condition was found in mod_auth_digest when the web server was running in a threaded MPM configuration. It could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions."
        ],
        "statement": "Based on the the fact that digest authentication is rarely used in modern day web applications and httpd package shipped with Red Hat products do not ship threaded MPM configuration by default, this flaw has been rated as having Moderate level security impact. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This flaw has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "httpd 2.4.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0217\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0217\nhttp://www.apache.org/dist/httpd/CHANGES_2.4\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2019-0217",
        "mitigation": {
            "value": "This flaw only affects a threaded server configuration, so using the prefork MPM is an effective mitigation.  In versions of httpd package shipped with Red Hat Enterprise Linux 7, the prefork MPM is the default configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
            "A flaw was found in the alarm_timer_nsleep() function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe() function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13053\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13053"
        ],
        "name": "CVE-2018-13053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71.",
            "A use-after-free flaw was found in Mozilla Network Security Services (NSS) related to PK11 session handling. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled with NSS."
        ],
        "statement": "This flaw was fixed in upstream nss-3.47. Exploitation of this flaw is difficult and even impossible in most cases.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "nss 3.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11756\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11756\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes"
        ],
        "name": "CVE-2019-11756",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.",
            "A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8160\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8160"
        ],
        "name": "CVE-2014-8160",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack.",
            "It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.0.20, postgresql 9.1.16, postgresql 9.3.7, postgresql 9.2.11, postgresql 9.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3167"
        ],
        "name": "CVE-2015-3167",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9663\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9663"
        ],
        "name": "CVE-2014-9663",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.",
            "A flaw was found in the Linux kernel, where it allows userspace processes, for example, a guest VM, to directly access h/w devices via its VFIO driver modules. The VFIO modules allow users to enable or disable access to the devices' MMIO memory address spaces. If a user attempts to access the read/write devices' MMIO address space when it is disabled, some h/w devices issue an interrupt to the CPU to indicate a fatal error condition, crashing the system. This flaw allows a guest user or process to crash the host system resulting in a denial of service."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the kernel package as shipped with Red Hat Enterprise Linux 7 and 8. Future kernel updates for Red Hat Enterprise Linux 7 and 8 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12888\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12888"
        ],
        "name": "CVE-2020-12888",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked. Rather, the network was accessed, and the objects were loaded and displayed."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sarah Jamie Lewis as the original reporter.",
        "upstream_fix": "thunderbird 102.2.1, thunderbird 91.13.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3032\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3032\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-39/#CVE-2022-3032"
        ],
        "name": "CVE-2022-3032",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The SpliceImage function in MagickCore/transform.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (application crash) via a crafted png file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8897\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8897\nhttp://seclists.org/oss-sec/2016/q2/459\nhttp://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466"
        ],
        "name": "CVE-2015-8897",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.",
            "A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because it affects only specific hardware enabled systems.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18808\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18808"
        ],
        "name": "CVE-2019-18808",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module ccp. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
            "A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. As this issue is rated as Important, it has been scheduled to be fixed in future updates for the respective releases.",
        "acknowledgement": "Red Hat would like to thank Alexander Popov for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2636\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2636\nhttps://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html\nhttps://access.redhat.com/security/vulnerabilities/CVE-2017-2636"
        ],
        "csaw": true,
        "name": "CVE-2017-2636",
        "mitigation": {
            "value": "The  n_hdlc kernel module will be automatically loaded when an application  attempts to use the HDLC line discipline from userspace.  This module  can be prevented from being loaded by using the system-wide modprobe  rules. The following command, run as root, will prevent accidental or  intentional loading of the module.  Red Hat Product Security believe  this method is a robust method to prevent accidental loading of the  module, even by privileged users.\n​# echo \"install n_hdlc /bin/true\" >> /etc/modprobe.d/disable-n_hdlc.conf\nThe  system will need to be restarted if the n_hdlc modules are already  loaded.  In most circumstances, the n_hdlc kernel modules will be unable to be unloaded if in use and while any current process using this line  discipline is required.\nExploiting this flaw does not require Microgate or SyncLink hardware to be in use.\nIf further assistance is needed, see this KCS article ( https://access.redhat.com/solutions/41278 ) or contact Red Hat Global Support Services.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8586\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8586\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8586",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.",
            "An out-of-bounds heap read flaw was found in GStreamer's MPEG-TS decoder. A remote attacker could use this flaw to cause an application using GStreamer to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9812\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9812"
        ],
        "name": "CVE-2016-9812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs are present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank Andrew McCreight, André Bargull, Chris Peterson, and the Mozilla project for reporting this issue. Upstream acknowledges Nika Layzell and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5176\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5176"
        ],
        "name": "CVE-2023-5176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).",
            "A Cross-Site Request Forgery (CSRF) attack can be performed in mailman due to a CSRF token bypass. CSRF tokens are not checked against the right user and a token created by one user can be used by another one to perform a request, effectively bypassing the protection provided by CSRF tokens. A remote attacker with an account on the mailman system can use this flaw to perform a CSRF attack and perform operations on behalf of the victim user."
        ],
        "upstream_fix": "mailman 2.1.35",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-42097\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42097"
        ],
        "name": "CVE-2021-42097",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Shinto K Anto as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7193\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7193\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-127.html"
        ],
        "name": "CVE-2015-7193",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.",
            "A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-9363\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-9363"
        ],
        "name": "CVE-2018-9363",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2767\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2767"
        ],
        "name": "CVE-2020-2767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A flaw was found in hw. The unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to enable information disclosure via local access."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zurich) and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28693\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28693\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html"
        ],
        "name": "CVE-2022-28693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35556\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35556"
        ],
        "name": "CVE-2021-35556",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki Ishikawa as the original reporter.",
        "upstream_fix": "thunderbird 78.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26970\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26970\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970"
        ],
        "name": "CVE-2020-26970",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7194\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7194\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-128.html"
        ],
        "name": "CVE-2015-7194",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-119",
        "details": [
            "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.",
            "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Arjun Shankar (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1781\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1781"
        ],
        "name": "CVE-2015-1781",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address.",
            "An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nThis issue has been rated as having Low security impact and is not currently planned to be addressed in future updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9419\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9419"
        ],
        "name": "CVE-2014-9419",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Mozilla community member Philipp reported a memory safety bug present in Firefox 68 when 360 Total Security was installed. This bug showed evidence of memory corruption in the accessibility engine and we presume that with enough effort it could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity of information as well as availability of the system."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11758\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11758\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758"
        ],
        "name": "CVE-2019-11758",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
            "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8890\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8890"
        ],
        "name": "CVE-2017-8890",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.",
            "It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space."
        ],
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0774\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0774"
        ],
        "name": "CVE-2016-0774",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.",
            "A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user."
        ],
        "upstream_fix": "cloud-init 20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8631\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8631"
        ],
        "name": "CVE-2020-8631",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-185",
        "details": [
            "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection."
        ],
        "acknowledgement": "Red Hat would like to thank Hugo van der Sanden and Slaven Rezic for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10878\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10878"
        ],
        "name": "CVE-2020-10878",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-30T12:53:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",
            "A flaw was found in the Linux kernel's Marvell wifi chip driver. A heap overflow in the mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c allows remote attackers to cause a denial of service (system crash) or execute arbitrary code."
        ],
        "statement": "This flaw is currently rated as Important as it is possible for an attacker to setup a wifi access point with identical configuration in another location and intercept have the system auto connect and possibly be exploited.",
        "acknowledgement": "Red Hat would like to thank huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3846\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3846\nhttps://seclists.org/oss-sec/2019/q2/133"
        ],
        "name": "CVE-2019-3846",
        "mitigation": {
            "value": "This flaw requires a system with a Marvell wifi network card to be attempting to connect to an attacker-controlled wifi network. A temporary mitigation may be to only connect to known-good networks via wifi, or connect to a network via ethernet. Alternatively, if wireless networking is not used, the mwifiex kernel module can be blacklisted to prevent misuse of the vulnerable code.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because lookup failures are mishandled."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15859\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15859"
        ],
        "name": "CVE-2018-15859",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "A NULL pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.",
            "A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5285\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5285"
        ],
        "name": "CVE-2016-5285",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JNDI). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14781\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14781"
        ],
        "name": "CVE-2020-14781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-400",
        "details": [
            "By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.",
            "A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service."
        ],
        "acknowledgement": "Red Hat would like to thank Anat Bremler-Barr (Reichman University), Shani Stajnrod (Reichman University), and Yehuda Afek (Tel-Aviv University) for reporting this issue.",
        "upstream_fix": "bind 9.16.33, bind 9.18.7, bind 9.19.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2795\nhttps://kb.isc.org/docs/cve-2022-2795"
        ],
        "name": "CVE-2022-2795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7145\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7145"
        ],
        "name": "CVE-2014-7145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.",
            "It was discovered that snmp_pdu_parse() mishandles error codes and is vulnerable to a heap corruption within the parsing of the PDU prior to the authentication process. A remote, unauthenticated attacker could use this flaw to crash snmpd or, potentially, execute arbitrary code on the system with the privileges of the user running snmpd."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000116\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000116\nhttps://sourceforge.net/p/net-snmp/bugs/2821/"
        ],
        "name": "CVE-2018-1000116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.",
            "A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3460\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3460"
        ],
        "name": "CVE-2019-3460",
        "mitigation": {
            "value": "- Disable the Bluetooth hardware in the BIOS.\n- Prevent loading of the Bluetooth kernel modules.\n- Disable the Bluetooth connection by putting the system in \"airport\" mode.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue existed in the handling of synchronous page loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8649\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8649\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8649",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5157\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5157\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157"
        ],
        "name": "CVE-2018-5157",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jason Kratzer as the original reporter.",
        "upstream_fix": "thunderbird 68.12, firefox 68.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15669\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15669\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669"
        ],
        "name": "CVE-2020-15669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8678\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8678\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8678",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\"",
            "A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3256\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3256"
        ],
        "name": "CVE-2015-3256",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "JIT code allocation can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rh0 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5375\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5375\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375"
        ],
        "name": "CVE-2017-5375",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.",
            "A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6828"
        ],
        "name": "CVE-2016-6828",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0813\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0813\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-31.html"
        ],
        "name": "CVE-2015-0813",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-08-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228->CWE-617",
        "details": [
            "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"",
            "A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid."
        ],
        "acknowledgement": "Red Hat would like to thank the Squid project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.",
        "upstream_fix": "squid 3.3.13, squid 3.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3609\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3609\nhttp://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
        ],
        "name": "CVE-2014-3609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10347\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10347"
        ],
        "name": "CVE-2017-10347",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.",
            "It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes."
        ],
        "acknowledgement": "Red Hat would like to thank Jeff Layton for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5229\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5229"
        ],
        "name": "CVE-2015-5229",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.",
            "A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this\nissue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8086\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8086"
        ],
        "name": "CVE-2014-8086",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451->CWE-347",
        "details": [
            "A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with arbitrary content. This vulnerability affects Thunderbird < 60.5.1."
        ],
        "upstream_fix": "thunderbird 60.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18509\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18509"
        ],
        "name": "CVE-2018-18509",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2952\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2952"
        ],
        "name": "CVE-2018-2952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
            "It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3526\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3526\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3526",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-158",
        "details": [
            "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.",
            "A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL."
        ],
        "statement": "X.org server does not run with root privileges in Red Hat Enterprise Linux 8 and 9; therefore, Red Hat Enterprise Linux 8 and 9 have been rated with Moderate severity.",
        "acknowledgement": "Red Hat would like to thank Donn Seeley and Olivier Fourdan for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0408\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0408"
        ],
        "name": "CVE-2024-0408",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8823\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8823\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8823",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28281\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28281\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28281\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281"
        ],
        "name": "CVE-2022-28281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21282\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21282"
        ],
        "name": "CVE-2022-21282",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2778\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2778"
        ],
        "name": "CVE-2020-2778",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during video control operations when a \"<track>\" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7750\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7750\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750"
        ],
        "name": "CVE-2017-7750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.",
            "It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank Mahmoud Al-Qudsi (NeoSmart Technologies) for reporting this issue.",
        "upstream_fix": "hivex 1.3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9273\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9273"
        ],
        "name": "CVE-2014-9273",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In the <code>nsTArray_Impl::ReplaceElementsAt()</code> function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn the `nsTArray_Impl::ReplaceElementsAt()` function, where an integer overflow could occur when the number of elements to replace was too large for the container."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "thunderbird 91.11, thunderbird 102, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34481\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34481\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34481\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34481"
        ],
        "name": "CVE-2022-34481",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.",
            "It was found that the \"mknod\" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10923\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10923"
        ],
        "name": "CVE-2018-10923",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Michal Zalewski (Google) as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0289\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N).",
            "It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2629\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2629"
        ],
        "name": "CVE-2018-2629",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer does not escape &lt; and &gt; characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17022\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17022\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022"
        ],
        "name": "CVE-2019-17022",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.",
            "It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by David Howells (Red Hat).",
        "upstream_fix": "kernel 4.11-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9604\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9604"
        ],
        "name": "CVE-2016-9604",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.",
            "It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections."
        ],
        "upstream_fix": "tomcat 7.0.59, tomcat 6.0.44, tomcat 8.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7810\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7810\nhttp://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.59\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.17"
        ],
        "name": "CVE-2014-7810",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
            "If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw  (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9500\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9500\nhttps://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html#cve-2019-9500-heap-buffer-overflow-in-brcmf-wowl-nd-results\nhttps://kb.cert.org/vuls/id/166939/\nhttps://www.bleepingcomputer.com/news/security/broadcom-wifi-driver-flaws-expose-computers-phones-iot-to-rce-attacks/"
        ],
        "name": "CVE-2019-9500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.",
            "It was found that encrypted connections did not honor the 'ioblocktimeout' parameter to end blocking requests. As a result, an unauthenticated attacker could repeatedly start a sufficient number of encrypted connections to block all workers, resulting in a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.24, 389-ds-base 1.4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3883\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3883"
        ],
        "name": "CVE-2019-3883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the \"word_lineno\" issue.",
            "An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash."
        ],
        "statement": "Red Hat Product Security does not consider this bug to have any security impact on the bash packages shipped in Red Hat Enterprise Linux. A fix for this issue was applied as a hardening in RHSA-2014:1306, RHSA-2014:1311, and RHSA-2014:1312.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7187\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7187"
        ],
        "name": "CVE-2014-7187",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-11T18:47:00Z",
        "cvss3": {
            "cvss3_base_score": "7.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.",
            "A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw appears to impact systems in special cases involving installing flatpak applications and runtimes system-wide. Installation of flatpak applications and runtimes locally should not be impacted.",
        "upstream_fix": "flatpak 1.0.7, flatpak 1.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8308\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8308"
        ],
        "name": "CVE-2019-8308",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2945\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2945"
        ],
        "name": "CVE-2019-2945",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-05T05:43:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",
            "A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, Red Hat Enterprise MRG 2 and real-time kernels. Future updates for the respective releases may address this issue.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE.",
        "acknowledgement": "Red Hat would like to thank Mohamed Ghannam for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-8824\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-8824"
        ],
        "name": "CVE-2017-8824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29946\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29946\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29946"
        ],
        "name": "CVE-2021-29946",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.",
            "A buffer overflow flaw was found in the way the X.Org server handled XkbGetGeometry requests. A malicious, authorized client could use this flaw to disclose portions of the X.Org server memory, or cause the X.Org server to crash using a specially crafted XkbGetGeometry request."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Olivier Fourdan (Red Hat).",
        "upstream_fix": "xorg-x11-server 1.17.1, xorg-x11-server 1.16.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0255\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0255\nhttp://www.x.org/wiki/Development/Security/Advisory-2015-02-10/"
        ],
        "name": "CVE-2015-0255",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Thejaka Maldeniya as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4583\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4583\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583"
        ],
        "name": "CVE-2023-4583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.",
            "A double-free flaw was found in u32_set_parms in net/sched/cls_u32.c in the Network Scheduler component in the Linux kernel. This flaw allows a local attacker to use a failure event to mishandle the reference counter, leading to a local privilege escalation threat."
        ],
        "upstream_fix": "Kernel 6.4-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3609\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3609\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc"
        ],
        "name": "CVE-2023-3609",
        "mitigation": {
            "value": "To mitigate this issue, prevent module cls_u32 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).",
            "A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This is a flaw in the GENERAL_NAME_cmp function of openssl which can be triggered when both its arguments are of the same type i.e. EDIPARTYNAME. \n1. Red Hat does not ship any applications compiled with openssl, which used the above function in a vulnerable way.\n2. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes, when comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate and when verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example, if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then a crash may be triggered.\nThird party applications compiled with openssl using the function GENERAL_NAME_cmp in a vulnerable way are affected by this flaw.\nGENERAL_NAME_cmp was added in 0.9.8k, therefore older versions of openssl are not affected by this flaw.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Benjamin (Google) as the original reporter.",
        "upstream_fix": "openssl 1.1.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1971\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1971\nhttps://www.openssl.org/news/secadv/20201208.txt"
        ],
        "name": "CVE-2020-1971",
        "mitigation": {
            "value": "Applications not using the GENERAL_NAME_cmp of openssl are not vulnerable to this flaw. Even when this function is used, if the attacker can control both the arguments of this function, only then the attacker could trigger a crash.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in X.Org Server. An Out-Of-Bounds access in XkbSetNames function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.",
        "acknowledgement": "Red Hat would like to thank X.org project for reporting this issue. Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "xorg-x11-server 1.20.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14345\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14345\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html"
        ],
        "name": "CVE-2020-14345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-185",
        "details": [
            "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls."
        ],
        "acknowledgement": "Red Hat would like to thank Sergey Aleynikov for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12723\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12723"
        ],
        "name": "CVE-2020-12723",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.",
            "A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6908\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6908"
        ],
        "name": "CVE-2015-6908",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.",
            "A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accepts certificates only from trusted root certificate authorities."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5010\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5010\nhttps://python-security.readthedocs.io/vuln/ssl-crl-dps-dos.html"
        ],
        "name": "CVE-2019-5010",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-833",
        "details": [
            "The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.",
            "The Serial Attached SCSI (SAS) implementation in the Linux kernel mishandles a mutex within libsas. This allows local users to cause a denial of service (deadlock) by triggering certain error-handling code."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18232\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18232"
        ],
        "name": "CVE-2017-18232",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets, as demonstrated by setsockopt calls.",
            "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "This issue was discovered by Ji Jianwen (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3212\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3212"
        ],
        "name": "CVE-2015-3212",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Lawrence of Chrome Security as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5408\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5408\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408"
        ],
        "name": "CVE-2017-5408",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-12-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Christian Holler, Diego Calleja, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12405\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12405\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405"
        ],
        "name": "CVE-2018-12405",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-09-07T08:25:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the \"Routing decision\" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A flaw was found in the \"Routing decision\" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact (Red Hat Enterprise Linux 7 and lower) because of the need to have CAP_NET_ADMIN privileges and that Red Hat Enterprise Linux 7 disabled unprivileged user/network namespaces by default.\nThis flaw is rated as having Important impact (Red Hat Enterprise Linux 8) because Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to gain CAP_NET_ADMIN privileges in corresponding user namespace even for otherwise unprivileged local user and thus exercise this vulnerability.",
        "acknowledgement": "Red Hat would like to thank Zhenpeng Lin for reporting this issue.",
        "upstream_fix": "Kernel 5.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3715\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3715\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359"
        ],
        "name": "CVE-2021-3715",
        "mitigation": {
            "value": "In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module cls_route.ko. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278.\nAlternatively, if cls_route is being used, on Red Hat Enterprise Linux 8, you can disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.",
            "A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-41974\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41974\nhttps://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt"
        ],
        "name": "CVE-2022-41974",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.",
            "A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16994\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16994"
        ],
        "name": "CVE-2019-16994",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-94",
        "details": [
            "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands on the host solely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected. If you rely on the default blacklist of XStream's security framework, you will have to use at least version 1.4.16.",
            "A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands on the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21345\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21345"
        ],
        "name": "CVE-2021-21345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC versions prior to 1.10.1 are vulnerable to a heap buffer overflow, which could be triggered from DecodeManager::decodeRect. The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15694\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15694"
        ],
        "name": "CVE-2019-15694",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.",
            "A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. This flaw allows an attacker with physical access to the system to crash the system."
        ],
        "statement": "This issue is rated as having Low impact because of the physical access needed to trigger this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15221"
        ],
        "name": "CVE-2019-15221",
        "mitigation": {
            "value": "To mitigate this issue, prevent module snd-usb-line6 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5264\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5264\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-79.html"
        ],
        "name": "CVE-2016-5264",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nUnexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gabriele Svelto as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-1945\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1945\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945"
        ],
        "name": "CVE-2023-1945",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.",
            "A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9806\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9806"
        ],
        "name": "CVE-2016-9806",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, incorrectly validates a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1526\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1526\nhttp://www.talosintel.com/reports/TALOS-2016-0061/"
        ],
        "name": "CVE-2016-1526",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.",
            "It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt."
        ],
        "upstream_fix": "git 1.9.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9938\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9938"
        ],
        "name": "CVE-2014-9938",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.",
            "A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly."
        ],
        "statement": "In the OpenShift Container Platform (OCP) the container escape and privilege escalation caused by the CVE-2022-0492 vulnerability are blocked by the SELinux policy enabled (by default) on the OCP cluster nodes.\nRed Hat Virtualization requires SELinux running in enforcing mode[1] on all hypervisors and managers, which blocks this vulnerability.\n1. https://access.redhat.com/solutions/499473",
        "acknowledgement": "Red Hat would like to thank Kevin Wang (Huawei) and Yiqi Sun (Nebula Lab) for reporting this issue.",
        "upstream_fix": "kernel 5.17 rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0492\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0492\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=24f6008564183aa120d07c03d9289519c2fe02af"
        ],
        "name": "CVE-2022-0492",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each.",
            "A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server."
        ],
        "statement": "This is a protocol flaw which affects IKEv1. All compliant implementations are therefore affected by this flaw. The Red Hat Product Security team does not consider IKEv2 to be affected. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1308508#c2",
        "upstream_fix": "libreswan 3.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5361\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5361"
        ],
        "name": "CVE-2016-5361",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22036\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22036"
        ],
        "name": "CVE-2023-22036",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the web UI in Mailman before 2.1.26 allows remote attackers to inject arbitrary web script or HTML via a user-options URL.",
            "A cross-site scripting (XSS) flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions."
        ],
        "upstream_fix": "mailman 2.1.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5950\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5950"
        ],
        "name": "CVE-2018-5950",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handlers. However, an insufficient URL validation vulnerability in LibreOffice allowed a malicious document to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.3.0, LibreOffice 6.2.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9850\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9850\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9850"
        ],
        "name": "CVE-2019-9850",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error.",
            "It was discovered that PostgreSQL did not properly check the return values of certain standard library functions. If the system was in a state that would cause the standard library functions to fail (for example, memory exhaustion), an authenticated user could possibly exploit this flaw to disclose partial memory contents or cause the GSSAPI authentication to use an incorrect keytab file."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This flaw has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.",
        "upstream_fix": "postgresql 9.2.11, postgresql 9.0.20, postgresql 9.1.16, postgresql 9.3.7, postgresql 9.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3166\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3166"
        ],
        "name": "CVE-2015-3166",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of invalidating JIT code while following an iterator. The newly generated code could be overwritten incorrectly, leading to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 102.9, firefox 102.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25751\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751"
        ],
        "name": "CVE-2023-25751",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.",
            "A flaw was found in the Linux kernel. A local attacker, able to inject conntrack netlink configuration, could overflow a local buffer causing crashes or triggering the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact (Red Hat Enterprise Linux 7 and lower) because of the need to have CAP_NET_ADMIN privileges.\nThis flaw is rated as having Important (Red Hat Enterprise Linux 8) impact because of the need to have CAP_NET_ADMIN privileges. Red Hat Enterprise Linux 8 enabled unprivileged user/network namespaces by default which can be used to exercise this vulnerability.",
        "acknowledgement": "Red Hat would like to thank Will McVicker (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25211\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25211\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6"
        ],
        "name": "CVE-2020-25211",
        "mitigation": {
            "value": "To mitigate this issue, prevent module nf_conntrack_netlink from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.\nAlternatively, if nf_conntrack_netlink is being used, on Red Hat Enterprise Linux 8, you can disable unprivileged user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1523\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1523\nhttp://www.talosintel.com/reports/TALOS-2016-0059/"
        ],
        "name": "CVE-2016-1523",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.",
            "A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Schwartzentruber and Tyson Smith as the original reporters.",
        "upstream_fix": "nss 3.16.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1544\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1544\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-63.html"
        ],
        "name": "CVE-2014-1544",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by nm-new."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10373\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10373"
        ],
        "name": "CVE-2018-10373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel, in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to unauthorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.",
            "A flaw was found in the iSCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Vincent Pelletier for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14633\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14633"
        ],
        "name": "CVE-2018-14633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 91.12, thunderbird 102.1, firefox 102.1, firefox 91.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-36319\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36319\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319"
        ],
        "name": "CVE-2022-36319",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Umar Farooq as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4053\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4053\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053"
        ],
        "name": "CVE-2023-4053",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-400|CWE-122)",
        "details": [
            "A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.",
            "A heap overflow flaw was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen and Wang Qize (ADLab of VenusTech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14901\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14901"
        ],
        "name": "CVE-2019-14901",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.2, libreoffice 5.0.0, libreoffice 4.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5213\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5213\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/\nhttp://www.openoffice.org/security/cves/CVE-2015-5213.html"
        ],
        "name": "CVE-2015-5213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11091\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11091"
        ],
        "csaw": true,
        "name": "CVE-2019-11091"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21123\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21123\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21123",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416->CWE-476",
        "details": [
            "In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.",
            "A flaw was found in the Linux kernel’s implementation for ADU devices from Ontrak Control Systems, where an attacker with administrative privileges and access to a local account could pre-groom the memory and physically disconnect or unload a module. The attacker must be able to access either of these two events to trigger the use-after-free, and then race the access to the use-after-free, to create a situation where key USB structs can be manipulated into corrupting memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19523\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19523"
        ],
        "name": "CVE-2019-19523",
        "mitigation": {
            "value": "As the system module will be auto-loaded when a device that uses the driver is attached (via USB), its use can be disabled  by preventing the module from loading with the following instructions:\n# echo \"install adutux /bin/true\" >> /etc/modprobe.d/disable-adutux.conf\nThe system will need to be restarted if the adutux module are loaded. In most circumstances, the kernel modules will be unable to be unloaded while any hardware is in use.\nIf the system requires this module to work correctly, this mitigation may not be suitable.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-208",
        "details": [
            "NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens before any padding operations, it affects all padding modes: PKCS#1 v1.5, OAEP, and RSASVP. Both API level calls and TLS server operation are affected."
        ],
        "acknowledgement": "This issue was discovered by Hubert Kario (Red Hat).",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5388\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5388\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2023-5388\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2023-5388"
        ],
        "name": "CVE-2023-5388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35559\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35559"
        ],
        "name": "CVE-2021-35559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-125)",
        "details": [
            "In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.",
            "A vulnerability was found in the Linux kernel’s floppy disk driver implementation. A local attacker with access to the floppy device could call set_geometry in drivers/block/floppy.c, which does not validate the sect and head fields, causing an integer overflow and out-of-bounds read. This flaw may crash the system or allow an attacker to gather information causing subsequent successful attacks."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14283\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14283\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da99466ac243f15fbba65bd261bfc75ffa1532b6\nhttps://github.com/torvalds/linux/commit/da99466ac243f15fbba65bd261bfc75ffa1532b6"
        ],
        "name": "CVE-2019-14283",
        "mitigation": {
            "value": "The kernel module named 'floppy' contains the affected code, this can be blacklisted using the standard blacklisting techniques or disabled in the systems BIOS.  See https://access.redhat.com/solutions/41278 for how to blacklist a kernel module.\nVirtualized guest systems can also remove the system from the guests configuration to ensure that the module does not load.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Grant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5129\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5129\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5129"
        ],
        "name": "CVE-2018-5129",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The bufferdata function in WebGL is vulnerable to a buffer overflow with specific graphics drivers on Linux. This could result in malicious content freezing a tab or triggering a potentially exploitable crash. *Note: this issue only occurs on Linux. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges crixer as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11693\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11693\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11693"
        ],
        "name": "CVE-2019-11693",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2593"
        ],
        "name": "CVE-2020-2593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",
            "A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. The highest threat is to confidentiality and integrity of data as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.46",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17006\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17006\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes"
        ],
        "name": "CVE-2019-17006",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3861\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3861\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3861\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3861"
        ],
        "name": "CVE-2024-3861",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
            "A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Jann Horn for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4565\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4565"
        ],
        "name": "CVE-2016-4565",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21248\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21248"
        ],
        "name": "CVE-2022-21248",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.",
            "A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious actor."
        ],
        "upstream_fix": "squid 5.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-46784\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46784\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
        ],
        "name": "CVE-2021-46784",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being freed while still in use, leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yaniv Frank (SophosLabs) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18500\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18500\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18500"
        ],
        "name": "CVE-2018-18500",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-125)",
        "details": [
            "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."
        ],
        "upstream_fix": "thunderbird 68.2, firefox 68.2, expat 2.2.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15903\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15903"
        ],
        "name": "CVE-2019-15903",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nUsing the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong as the original reporter.",
        "upstream_fix": "thunderbird 78.7, firefox 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23954\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23954\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23954"
        ],
        "name": "CVE-2021-23954",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges The Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5700\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5700\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5700\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5700"
        ],
        "name": "CVE-2024-5700",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen `flex-basis` was used on a table wrapper, a `StyleGenericFlexBasis` object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Pham Bao (VinCSS - Member of Vingroup) as the original reporter.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26974\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26974\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974"
        ],
        "name": "CVE-2020-26974",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
            "The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder."
        ],
        "upstream_fix": "tomcat 8.0.37, tomcat 8.5.5, tomcat 6.0.47, tomcat 7.0.72",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0762\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0762\nhttps://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.47\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.72\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.5_and_8.0.37"
        ],
        "name": "CVE-2016-0762",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.",
            "Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application."
        ],
        "statement": "The original issue fixed by OpenSSL upstream contains two distinct fixes. The first one is a format string flaw in the internal fmtstr functions, which may result in an OOB read flaw when printing a very large string. This issue was assigned CVE-2016-0799.\nThe second issue relates to the internal doapr_outch function of OpenSSL. It can result in an OOB write, or cause memory leaks. This issue has been assigned CVE-2016-2842 by MITRE and is now tracked as https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2842",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2g, openssl 1.0.1s",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0799\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0799"
        ],
        "name": "CVE-2016-0799",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Gluster Storage 3, PostgreSQL (embedded in rhevm-dependencies) was shipped as a part of Red Hat Gluster Storage Console that is no longer supported for use with Red Hat Gluster Storage 3.5. Red Hat Gluster Storage Web Administration is now the recommended monitoring tool for Red Hat Storage Gluster clusters.\nIn Red Hat Virtualization the manager appliance uses a vulnerable version of postgresql. Once a fix has been shipped for RHEL 8 the appliance can consume the fix via a regular yum update.",
        "acknowledgement": "Red Hat would like to thank Peter Eisentraut for reporting this issue.",
        "upstream_fix": "postgresql 9.6.20, postgresql 13.1, postgresql 12.5, postgresql 9.5.24, postgresql 10.15, postgresql 11.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25694\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25694\nhttps://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/"
        ],
        "name": "CVE-2020-25694",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.",
            "It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use an SSLv2 server using OpenSSL as a Bleichenbacher oracle."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Adrian (University of Michigan) and J. Alex Halderman (University of Michigan) as the original reporters.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0704\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0704\nhttps://www.openssl.org/news/secadv/20160301.txt"
        ],
        "name": "CVE-2016-0704",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 58 and Firefox ESR 52.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Olli Pettay, Philipp, Ralph Giles, Randell Jesup, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5125\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5125\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5125"
        ],
        "name": "CVE-2018-5125",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.",
            "A vulnerability was found in the Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel. The stack object “r1” has a total size of 32 bytes. Its fields “event” and “val” both contain 4 bytes of padding. These 8 padding bytes are sent to the user without being initialized."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4578\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4578"
        ],
        "name": "CVE-2016-4578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when retrieving a document from a DocShell in the antitracking code, a race condition could cause a use-after-free condition and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17011\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17011\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011"
        ],
        "name": "CVE-2019-17011",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.",
            "An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8709\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8709"
        ],
        "name": "CVE-2014-8709",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-7595\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7595"
        ],
        "name": "CVE-2020-7595",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image.",
            "A flaw was discovered in the way python-pillow may allocate a large amount of memory or require a long time while processing specially crafted image files, possibly causing a denial of service. Applications that use the library to process untrusted files may be vulnerable to this flaw."
        ],
        "upstream_fix": "python-pillow 6.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16865\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16865"
        ],
        "name": "CVE-2019-16865",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.\n*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Karl and an Anonymous ASAN Nightly User as the original reporter.",
        "upstream_fix": "thunderbird 102.6, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46881\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46881\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881"
        ],
        "name": "CVE-2022-46881",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.",
            "A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5597\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5597\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5597",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-296",
        "details": [
            "When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chuck Harmston and Robert Hardy as the original reporters.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12421\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12421\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421"
        ],
        "name": "CVE-2020-12421",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.",
            "A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Steven French (Microsoft and the Samba Team) as the original reporter.",
        "upstream_fix": "samba 4.11.15, samba 4.12.9, samba 4.13.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14318\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14318\nhttps://www.samba.org/samba/security/CVE-2020-14318.html"
        ],
        "name": "CVE-2020-14318",
        "mitigation": {
            "value": "As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don't allow \"r\" (read) access for the connected user, then the handle open request will be denied.\n\"r\" access is the normal permission needed to list or otherwise reveal the contents of a directory, so if a connected user has \"r\" access then they will be able to list the directory contents normally, and the information received by a ChangeNotify request is already available to the user.\nThe security issue occurs if the Administrator or directory owner had set more restrictive Windows ACL permissions on the directory to disallow read access to the user, and this permissions change was not reflected in the underlying file system permissions.\nThis will only occur if Samba is configured with VFS modules to decouple the underlying file system permissions from the Windows ACLs, by setting up a share with the settings:\n[vulnerable_share]\nvfs_objects = vfs_acl_xattr\nacl_xattr:ignore system acls = yes",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A buffer overflow vulnerability while parsing \"application/http-index-format\" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chamal De Silva as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5444\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5444\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5444"
        ],
        "name": "CVE-2017-5444",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5, 6, and 7. This issue affects the versions of python3 as shipped with Red Hat Enterprise Linux 7 and 8. This issue affects the versions of python2 and python36 as shipped with Red Hat Enterprise Linux 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "Python 3.6.9, Python 3.5.7, Python 3.7.3, Python 3.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20852\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20852"
        ],
        "name": "CVE-2018-20852",
        "mitigation": {
            "value": "A potentially simple workaround in the absence of a patch on affected versions is to set DomainStrict in the cookie policy, which would ensure a literal match against the domain. The disadvantage would be that a cookie set on example.com would not be shared with subdomains, which might break workflows.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
            "A syntax vulnerability was discovered in the kernel's ASN.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG and realtime kernels.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2053"
        ],
        "name": "CVE-2016-2053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
            "An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8176\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8176"
        ],
        "name": "CVE-2014-8176",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-02-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",
            "Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9674\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9674"
        ],
        "name": "CVE-2014-9674",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18897\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18897"
        ],
        "name": "CVE-2018-18897",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8506\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8506"
        ],
        "name": "CVE-2019-8506",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-158",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21938\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21938"
        ],
        "name": "CVE-2023-21938",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2737\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2737\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",
            "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser."
        ],
        "statement": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.",
        "upstream_fix": "jquery 3.5.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11022\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11022\nhttps://github.com/advisories/GHSA-gxr4-xjj5-5px2"
        ],
        "name": "CVE-2020-11022",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popup and window.print() calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45404\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45404\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45404\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404"
        ],
        "name": "CVE-2022-45404",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.",
            "A flaw was found in the Linux kernel's implementation of the HCI UART driver. A local attacker with access permissions to the Bluetooth device can issue an ioctl, which triggers the hci_uart_set_proto() function in drivers/bluetooth/hci_ldisc.c. The flaw in this function can cause memory corruption or a denial of service because of a use-after-free issue when the hci_uart_register_dev() fails."
        ],
        "statement": "This flaw is rated as a Moderate as it requires the local attacker to have permissions to issue ioctl commands to the bluetooth device and bluetooth hardware to be present.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15917\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15917"
        ],
        "name": "CVE-2019-15917",
        "mitigation": {
            "value": "To mitigate this issue, prevent module hci_uart from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8765\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8765\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8765",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.",
            "A division-by-zero in set_termios(), when debugging is enabled, was found in the Linux kernel. When the [io_ti] driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the change_port_settings() in the drivers/usb/serial/io_ti.c so that the divisor value becomes zero and causes a system crash resulting in a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18360\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18360"
        ],
        "name": "CVE-2017-18360",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11713\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11713"
        ],
        "name": "CVE-2018-11713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
            "A security vulnerability was found in zlib. The flaw triggered a heap-based buffer in inflate in the inflate.c function via a large gzip header extra field. This flaw is only applicable in the call inflateGetHeader."
        ],
        "statement": "While some Red Hat Products bundle the affected zlib source code, in many cases it is not possible for an attacker to trigger the vulnerable function.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-37434\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-37434"
        ],
        "name": "CVE-2022-37434",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When resolving a symlink such as <code>file:///proc/self/fd/1</code>, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. <br>*This bug only affects Thunderbird on Unix-based operated systems (Android, Linux, MacOS). Windows is unaffected.*. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45412\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45412\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45412\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412"
        ],
        "name": "CVE-2022-45412",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Fuzzing Team and the Mozilla Project for reporting this issue. Upstream acknowledges Andrew McCreight, Matthew Gaudet, and Tom Ritter as the original reporters.",
        "upstream_fix": "thunderbird 102.13, firefox 102.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-37211\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37211\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
        ],
        "name": "CVE-2023-37211",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.",
            "A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code."
        ],
        "statement": "This issue did not affect the wpa_supplicant versions as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Jouni Malinen (wpa_supplicant upstream) for reporting this issue. Upstream acknowledges Alibaba security team as the original reporter.",
        "upstream_fix": "wpa_supplicant 2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1863\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1863\nhttp://w1.fi/security/2015-1/"
        ],
        "name": "CVE-2015-1863",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-201",
        "details": [
            "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.",
            "It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data."
        ],
        "statement": "This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code, which was introduced in later versions.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-7423\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7423"
        ],
        "name": "CVE-2013-7423",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Joe Vennix as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1590\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1590\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-85.html"
        ],
        "name": "CVE-2014-1590",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn out-of-bound read could have led to a crash in the RLBox Expat driver."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32206\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32206\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32206"
        ],
        "name": "CVE-2023-32206",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled malformed Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 5. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "This issue was discovered by Liu Wei (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3673"
        ],
        "name": "CVE-2014-3673",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).",
            "It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10388\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10388"
        ],
        "name": "CVE-2017-10388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8619\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8619\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8619",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.",
            "A vulnerability was found in X.Org. The issue occurs due to the swap handler for the XTestFakeInput request of the XTest extension, possibly corrupting the stack if GenericEvents with lengths larger than 32 bytes are sent through the XTestFakeInput request. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where the client and server use the same byte order."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46340\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46340"
        ],
        "name": "CVE-2022-46340",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38508\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38508"
        ],
        "name": "CVE-2021-38508",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A mechanism to bypass file system access protections in the sandbox using the file system request constructor through an IPC message. This allows for read and write access to the local file system. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Julian Hector as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5456\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5456\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5456"
        ],
        "name": "CVE-2017-5456",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10534\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10534"
        ],
        "name": "CVE-2018-10534",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10583\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10583"
        ],
        "name": "CVE-2018-10583",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A use-after-free flaw was found in Mozilla Firefox and Thunderbird. When following a value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. An attacker could use this flaw to execute code that was stored in the referenced memory or crash the system."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11757\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11757\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757"
        ],
        "name": "CVE-2019-11757",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.",
            "A vulnerability was discovered in the Linux kernel's AF_IEEE802154 networking module where permissions checks are not enforced. This can allow an unprivileged user to create raw sockets for this protocol leading to the potential for data leaks or system unavailability."
        ],
        "statement": "This flaw is rated as moderate; there are no known exploits using this mechanism as an attack surface against the system affected by this bug.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17053\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17053"
        ],
        "name": "CVE-2019-17053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.",
            "A flaw was found in the way catastrophic backtracking was implemented in python's difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Python security response team for reporting this issue.",
        "upstream_fix": "python 3.5.6, python 3.7.0, python 2.7.15, python 3.4.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1061\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1061\nhttps://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-5-final"
        ],
        "name": "CVE-2018-1061",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption."
        ],
        "statement": "This issue affects the versions of glibc and compat-glibc as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6485\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6485"
        ],
        "name": "CVE-2018-6485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-444",
        "details": [
            "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.",
            "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "tomcat 6.0.41, tomcat 7.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0099\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0099"
        ],
        "name": "CVE-2014-0099",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A crash triggerable by web content in which an \"ErrorResult\" references unassigned memory due to a logic error. The resulting crash may be exploitable. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anton Eliasson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5401\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5401\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401"
        ],
        "name": "CVE-2017-5401",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10998\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10998"
        ],
        "name": "CVE-2018-10998",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected."
        ],
        "upstream_fix": "tomcat 7.0.85, tomcat 8.5.28, tomcat 8.0.50",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1304\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1304\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28"
        ],
        "name": "CVE-2018-1304",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2805\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2805"
        ],
        "name": "CVE-2020-2805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.",
            "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed."
        ],
        "statement": "This vulnerability is only triggered when a local user introduces untrusted input, via a file or directory with a crafted name. For this reason, this flaw has been rated with a Moderate security impact.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-48339\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-48339"
        ],
        "name": "CVE-2022-48339",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.5",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",
            "An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4652\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4652"
        ],
        "name": "CVE-2014-4652",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-280",
        "details": [
            "A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 102.11, firefox 102.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32207\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32207\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32207"
        ],
        "name": "CVE-2023-32207",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7.",
            "A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length. This can cause a read beyond the buffer boundaries flaw and, in certain cases, cause a memory access fault and a system halt by accessing invalid memory address."
        ],
        "acknowledgement": "This issue was discovered by Paolo Abeni (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16885\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16885"
        ],
        "name": "CVE-2018-16885",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.",
            "A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, cause a denial of service, or possibly leak keyring information between users."
        ],
        "statement": "The impact is Moderate, because the impact is only for userspace programs if using keyctl incorrectly. For root-level processes (usually during boot), keyctl is used securely without possibility of leaking keys between users.",
        "acknowledgement": "Red Hat would like to thank Eric Biggers (Google) for reporting this issue.",
        "upstream_fix": "kernel 4.13.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18270\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18270\nhttp://kernsec.org/pipermail/linux-security-module-archive/2017-September/003318.html\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3"
        ],
        "name": "CVE-2017-18270",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.",
            "A denial of service flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to exit with an assertion failure by making an invalid S4U2Self or S4U2Proxy request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11368\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11368"
        ],
        "name": "CVE-2017-11368",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.",
            "A flaw was found in libvncserver. A heap-based buffer overflow within the websocket decoding functionality is possible, which can lead to exploitation by a malicious attacker to overwrite a function pointer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "libvncserver 0.9.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18922\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18922"
        ],
        "name": "CVE-2017-18922",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2013-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8173\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8173"
        ],
        "name": "CVE-2014-8173",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",
            "A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7575\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7575\nhttp://www.mitls.org/pages/attacks/SLOTH\nhttps://access.redhat.com/articles/2112261\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-150/"
        ],
        "name": "CVE-2015-7575",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows aborting a session. No data extraction is possible. This has been fixed in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11048\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11048"
        ],
        "name": "CVE-2020-11048",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected."
        ],
        "upstream_fix": "openssl 1.0.2n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3737\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3737\nhttps://www.openssl.org/news/secadv/20171207.txt"
        ],
        "name": "CVE-2017-3737",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-321",
        "details": [
            "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.",
            "The default cloud-init configuration included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10896\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10896"
        ],
        "name": "CVE-2018-10896",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
            "A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library."
        ],
        "statement": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\nCustomers using this application, which does server-side video codecs by linking to the libvpx library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
        "upstream_fix": "chromium-browser 117.0.5938.132",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5217\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5217\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-44/"
        ],
        "csaw": true,
        "name": "CVE-2023-5217",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h in an Ubuntu package for Poppler 0.24.5. A crafted input will lead to a remote denial of service attack. Later Ubuntu packages such as for Poppler 0.41.0 are not affected."
        ],
        "statement": "Red Hat Product Security has rated this issue as having low security impact and a future update may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10768\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10768"
        ],
        "name": "CVE-2018-10768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313.",
            "It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7842\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7842"
        ],
        "name": "CVE-2014-7842",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7785\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7785\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7785"
        ],
        "name": "CVE-2017-7785",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A malicious website could have learned the size of a cross-origin resource that supported Range requests. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA malicious website could have learned the size of a cross-origin resource that supported Range requests."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.10, firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31736\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31736\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736"
        ],
        "name": "CVE-2022-31736",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an out-of-bounds read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11525\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11525"
        ],
        "name": "CVE-2020-11525",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-09-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.",
            "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions."
        ],
        "upstream_fix": "curl 7.50.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7167\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7167\nhttps://curl.haxx.se/docs/adv_20160914.html"
        ],
        "name": "CVE-2016-7167",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.",
            "A race condition issue was found in the way the raw packet socket implementation in the Linux kernel networking subsystem handled synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this to waste resources in the kernel's ring buffer or possibly cause an out-of-bounds read on the heap leading to a system crash."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Willem de Bruijn for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000111\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000111"
        ],
        "name": "CVE-2017-1000111",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9899\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9899\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899"
        ],
        "name": "CVE-2016-9899",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2975\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2975"
        ],
        "name": "CVE-2019-2975",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10081\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10081"
        ],
        "name": "CVE-2017-10081",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-125",
        "details": [
            "The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcXChangeDeviceControl, (2) ProcXChangeDeviceControl, (3) ProcXChangeFeedbackControl, (4) ProcXSendExtensionEvent, (5) SProcXIAllowEvents, (6) SProcXIChangeCursor, (7) ProcXIChangeHierarchy, (8) SProcXIGetClientPointer, (9) SProcXIGrabDevice, (10) SProcXIUngrabDevice, (11) ProcXIUngrabDevice, (12) SProcXIPassiveGrabDevice, (13) ProcXIPassiveGrabDevice, (14) SProcXIPassiveUngrabDevice, (15) ProcXIPassiveUngrabDevice, (16) SProcXListDeviceProperties, (17) SProcXDeleteDeviceProperty, (18) SProcXIListProperties, (19) SProcXIDeleteProperty, (20) SProcXIGetProperty, (21) SProcXIQueryDevice, (22) SProcXIQueryPointer, (23) SProcXISelectEvents, (24) SProcXISetClientPointer, (25) SProcXISetFocus, (26) SProcXIGetFocus, or (27) SProcXIWarpPointer function.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8095\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8095\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8095",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10053\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10053"
        ],
        "name": "CVE-2017-10053",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.",
            "An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
        ],
        "acknowledgement": "Red Hat would like to thank Jeremy Allison (Google), Stefan Metzmacher (SerNet), and Yihan Lian and Zhibin Hu (Qihoo 360 Gear Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12163\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12163\nhttps://www.samba.org/samba/security/CVE-2017-12163.html"
        ],
        "name": "CVE-2017-12163",
        "mitigation": {
            "value": "As this is an SMB1-only vulnerability, it can be avoided by setting the server to only use SMB2 via adding:\nserver min protocol = SMB2_02\nto the [global] section of your smb.conf and restarting smbd.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Event handlers on \"marquee\" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9895\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9895\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9895"
        ],
        "name": "CVE-2016-9895",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-134",
        "details": [
            "Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4448\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4448"
        ],
        "name": "CVE-2016-4448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25686\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25686\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25686",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). \nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required."
        ],
        "acknowledgement": "Red Hat would like to thank Stefan Metzmacher (SerNet) for reporting this issue. Upstream acknowledges the Samba project as the original reporter.",
        "upstream_fix": "samba 4.13.14, samba 4.14.10, samba 4.15.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2124\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2124\nhttps://www.samba.org/samba/security/CVE-2016-2124.html"
        ],
        "name": "CVE-2016-2124",
        "mitigation": {
            "value": "Ensure the following [global] smb.conf parameters are set to their default values as shown below:\n~~~\nclient lanman auth = no\nclient NTLMv2 auth = yes\nclient plaintext auth = no\nclient min protocol = SMB2_02\n~~~\nOr use the '-k' command line option only without the -U option, which will make use of an existing krb5 ccache.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection.",
            "A memory leak flaw was found in the way the dtls1_buffer_record() function of OpenSSL parsed certain DTLS messages. A remote attacker could send multiple specially crafted DTLS messages to exhaust all available memory of a DTLS server."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0206\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0206\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0206",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4488\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4488\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4488",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.",
            "A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7392\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7392"
        ],
        "name": "CVE-2017-7392",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "An Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
        ],
        "upstream_fix": "pcp 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3695\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3695"
        ],
        "name": "CVE-2019-3695",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5099\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5099\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099"
        ],
        "name": "CVE-2018-5099",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges F. Alonso (revskills) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7757\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7757\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757"
        ],
        "name": "CVE-2017-7757",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25632\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25632"
        ],
        "name": "CVE-2020-25632",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-642",
        "details": [
            "The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.",
            "It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4699\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4699"
        ],
        "name": "CVE-2014-4699",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp."
        ],
        "upstream_fix": "qt 5.9.7, qt 5.6.4, qt 5.11.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19872\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19872\nhttps://bugreports.qt.io/browse/QTBUG-69449\nhttps://wiki.qt.io/Qt_5.11.3_Change_Files"
        ],
        "name": "CVE-2018-19872",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22006\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22006"
        ],
        "name": "CVE-2023-22006",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3715\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3715"
        ],
        "name": "CVE-2016-3715",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
            "A flaw was found in the Linux kernel's video driver. A race condition, leading to a use-after-free, could lead to a local privilege escalation. User interaction is not needed for exploitation."
        ],
        "statement": "This issue is rated as having Moderate impact, because of the need of additional privileges (usually local console user) to access the video device driver.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9458\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9458"
        ],
        "name": "CVE-2019-9458",
        "mitigation": {
            "value": "To mitigate this issue, prevent modules v4l2-common, v4l2-dv-timings from being loaded if not being used for primary display. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",
            "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20677\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20677"
        ],
        "name": "CVE-2018-20677",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.",
            "A flaw was found in squid. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy."
        ],
        "statement": "Although the squid packages for Red Hat Enterprise Linux 6 through 8 are affected, they are compiled with FORTIFY_SOURCE, which in this case limits the impact of the buffer overflow to an application termination. This only affects deployments acting as reverse proxy with a http_port 'accel' or 'vhost' (squid 2.x and 3.x) or http_port 'accel' configuration (squid 4.x).",
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8450\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8450"
        ],
        "name": "CVE-2020-8450",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-200|CWE-400)",
        "details": [
            "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server."
        ],
        "statement": "This flaw needs a malicious MITM SSH server. When an application compiled with libssh2 connects to such a MITM SSH server, the server can trigger an integer overflow leading to an OOB read in the SSH_MSG_DISCONNECT logic. This can cause the application compiled with libssh2 to crash. This is strictly a client side crash and the SSH server may not be affected.\nAlso note that when a user connects to a malicious MITM server there is already a  risk of disclosing password/keys irrespective of the flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17498\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17498\nhttps://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/"
        ],
        "name": "CVE-2019-17498",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 78.1, thunderbird 68.11, firefox 68.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15659\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15659\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659"
        ],
        "name": "CVE-2020-15659",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5364\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5364"
        ],
        "name": "CVE-2015-5364",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-121",
        "details": [
            "stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution."
        ],
        "statement": "Red Hat Product Security has rated this issue as having moderate security impact and a future update may address this flaw.",
        "upstream_fix": "glibc 2.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11236\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11236"
        ],
        "name": "CVE-2018-11236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8671\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8671\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8671",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",
            "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JNDI LDAP endpoint."
        ],
        "statement": "Based on the conditions to be exploitable (see details below), the risk is much lower than Log4j 2.x and Red Hat has assessed this to be Moderate severity. This flaw has been filed for Log4j 1.x, and the corresponding flaw information for Log4j 2.x is available at: https://access.redhat.com/security/cve/CVE-2021-44228\nNote this flaw ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JNDI LDAP endpoint. \nIf the Log4j configuration is set TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228 Log4j 2.x, Log4j 1.x is vulnerable. However, the attack vector is reduced as it depends on having write access, which is not a standard configuration rather than untrusted user input. These are sufficient factors beyond the attacker's control.\nThe tomcat package shipped with Red Hat Enterprise Linux does not include log4j but it does include a default configuration for log4j, log4j.properties, which could be used with tomcat if users choose to install and configure the library. The JMSAppender is not enabled by default, and the permissions of the file can only be modified as root.\nRed Hat Virtualization ships log4j12-1.2.17, but it is used and configured in a way which makes this flaw not possible to exploit. Therefore impact is rated Low.",
        "upstream_fix": "log4j 2.15.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4104\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4104\nhttps://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126\nhttps://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301\nhttps://lists.apache.org/thread/0x4zvtq92yggdgvwfgsftqrj4xx5w0nx\nhttps://www.openwall.com/lists/oss-security/2021/12/13/1"
        ],
        "name": "CVE-2021-4104",
        "mitigation": {
            "value": "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JMSAppender in the Log4j configuration if it is used\n- Remove the JMSAppender class from the classpath. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSAppender.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the \"file forwarding\" feature which can be used by an attacker to gain access to files that would not ordinarily be allowed by the app's permissions. By putting the special tokens `@@` and/or `@@u` in the Exec field of a Flatpak app's .desktop file, a malicious app publisher can trick flatpak into behaving as though the user had chosen to open a target file with their Flatpak app, which automatically makes that file available to the Flatpak app. This is fixed in version 1.10.2. A minimal solution is the first commit \"`Disallow @@ and @@U usage in desktop files`\". The follow-up commits \"`dir: Reserve the whole @@ prefix`\" and \"`dir: Refuse to export .desktop files with suspicious uses of @@ tokens`\" are recommended, but not strictly required. As a workaround, avoid installing Flatpak apps from untrusted sources, or check the contents of the exported `.desktop` files in `exports/share/applications/*.desktop` (typically `~/.local/share/flatpak/exports/share/applications/*.desktop` and `/var/lib/flatpak/exports/share/applications/*.desktop`) to make sure that literal filenames do not follow `@@` or `@@u`.",
            "A sandbox escape flaw was found in the way flatpak handled special tokens in \".desktop\" files. This flaw allows an attacker to gain access to files that are not ordinarily allowed by the app's permissions. The highest threat from this vulnerability is to confidentiality and integrity."
        ],
        "statement": "This is essentially a sandbox escape flaw and needs a malicious app publisher to execute the exploit.",
        "upstream_fix": "flatpak 1.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21381\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21381\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-xgh4-387p-hqpp"
        ],
        "name": "CVE-2021-21381",
        "mitigation": {
            "value": "Avoid installing Flatpak apps from untrusted sources, or check the contents of the exported .desktop files in exports/share/applications/*.desktop (typically ~/.local/share/flatpak/exports/share/applications/*.desktop and /var/lib/flatpak/exports/share/applications/*.desktop) to make sure that literal filenames do not follow @@ or @@u.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-384",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
        ],
        "statement": "This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300.  Both identifiers refer to the same vulnerability.  Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.",
        "upstream_fix": "cups 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4700"
        ],
        "name": "CVE-2018-4700",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c.",
            "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7889\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7889"
        ],
        "name": "CVE-2017-7889",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-626",
        "details": [
            "Performing garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nPerforming garbage collection on re-declared JavaScript variables resulted in a user-after-poison, and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 78.7, firefox 78.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23960\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23960\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2021-23960"
        ],
        "name": "CVE-2021-23960",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.",
            "An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the system."
        ],
        "acknowledgement": "This issue was discovered by Mateusz Guzik (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7529\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7529"
        ],
        "name": "CVE-2015-7529",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Christian Holler as the original reporters.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6825\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6825\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825"
        ],
        "name": "CVE-2020-6825",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.",
            "A flaw was found in ImageMagick. The -authenticate option is mishandled allowing user-controlled password set for a PDF file to possibly inject additional shell commands via coders/pdf.c. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Although ImageMagick is shipped as a bundled dependency of Inkscape, the latter package is not affected, as the primary usage of ImageMagick in Inkscape is for bitmap filters, thus not exposing the affected code path.",
        "upstream_fix": "ImageMagick 7.0.10-40",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-29599\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29599\nhttps://github.com/ImageMagick/ImageMagick/discussions/2851\nhttps://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html"
        ],
        "name": "CVE-2020-29599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43542\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43542"
        ],
        "name": "CVE-2021-43542",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to Http2Session::Shutdown and SpdySession31::Shutdown, and other vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Phil Ringnalda, and Philipp as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2836\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2836\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-62.html"
        ],
        "name": "CVE-2016-2836",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during mouse event handling due to issues with multiprocess support. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5103\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5103\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103"
        ],
        "name": "CVE-2018-5103",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10285\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10285"
        ],
        "name": "CVE-2017-10285",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8669\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8669\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.",
            "It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user-provided header names or values."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5699\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5699"
        ],
        "name": "CVE-2016-5699",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
            "A flaw was found in the Linux kernel. A NULL pointer dereference flaw was found in the QLOGIC drivers for HBA. The return value of a call to alloc_workqueue was not validated, which can cause a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16233\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16233\nhttps://lkml.org/lkml/2019/9/9/487"
        ],
        "name": "CVE-2019-16233",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.",
            "A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation (CONFIG_KVM) support with the Virtual Function I/O feature (CONFIG_VFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Jan H. Schönherr (Amazon) for reporting this issue.",
        "upstream_fix": "kernel-3.10.0 720.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000252\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000252"
        ],
        "name": "CVE-2017-1000252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aral as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9897\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9897\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9897"
        ],
        "name": "CVE-2016-9897",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2981\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2981"
        ],
        "name": "CVE-2019-2981",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-400",
        "details": [
            "Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",
            "An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS)."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11477\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11477\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "csaw": true,
        "name": "CVE-2019-11477",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3895\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3895\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3895",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283."
        ],
        "statement": "This issue affects the version of expat package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact, a future update may address this flaw.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ucha Gobejishvili as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2716\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2716\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-54.html"
        ],
        "name": "CVE-2015-2716",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-01-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122",
        "details": [
            "Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka \"GHOST.\"",
            "A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application."
        ],
        "upstream_fix": "glibc 2.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0235\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0235\nhttp://www.openwall.com/lists/oss-security/2015/01/27/9\nhttps://access.redhat.com/articles/1332213\nhttps://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability"
        ],
        "csaw": true,
        "name": "CVE-2015-0235"
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.",
            "It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to first compromise the sandboxed privilege-separation process by using another security flaw. Because of this restriction for successful exploitation, this issue has been rated as having Low security impact.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10012\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10012\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10012",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive.",
            "A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils-2.23.52.0.1 55.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8738\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8738"
        ],
        "name": "CVE-2014-8738",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2795\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2795\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2795",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe inputs to `sctp_load_addresses_from_init` are verified by `sctp_arethere_unrecognized_parameters`; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Natalie Silvanovich (Google Project Zero) as the original reporter.",
        "upstream_fix": "chromium-browser 80.0.3987.149, thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20503\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20503\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503"
        ],
        "name": "CVE-2019-20503",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.",
            "It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7169\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7169"
        ],
        "name": "CVE-2014-7169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.",
            "A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted."
        ],
        "upstream_fix": "kernel 4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1066\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1066"
        ],
        "name": "CVE-2018-1066",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key import task. If the task runs into a failure, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird < 78.8.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "thunderbird 78.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29950\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29950"
        ],
        "name": "CVE-2021-29950",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-20T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.",
            "A heap-based buffer overflow vulnerability in the base64 functions of AIDE, an advanced intrusion detection system. An attacker could crash the program and possibly execute arbitrary code through large (<16k) extended file attributes or ACL."
        ],
        "upstream_fix": "aide 0.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-45417\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45417"
        ],
        "name": "CVE-2021-45417",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by the server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hubert Kario as the original reporter.",
        "upstream_fix": "nss 3.44.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11727\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11727\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11727"
        ],
        "name": "CVE-2019-11727",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host.",
            "VNC server implementation in Quick Emulator (QEMU) was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host."
        ],
        "acknowledgement": "This issue was discovered by Daniel Berrange (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15124\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15124"
        ],
        "name": "CVE-2017-15124",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
            "It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10102\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10102"
        ],
        "name": "CVE-2017-10102",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2022-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as: If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context."
        ],
        "upstream_fix": "thunderbird 91.9.1, firefox 91.9.1, firefox 100.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1802\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1802\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1802"
        ],
        "name": "CVE-2022-1802",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.",
            "A flaw was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery ID during a key recovery request, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code."
        ],
        "statement": "This vulnerability is rated Low: the web UI uses client TLS authentication, therefore stealing session cookies will not be sufficient for unauthorized access. The vulnerable page itself does not contain secrets.",
        "acknowledgement": "This issue was discovered by Pritam Singh (Red Hat).",
        "upstream_fix": "pki-core 10.10.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1721\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1721"
        ],
        "name": "CVE-2020-1721",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Linus Särud as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11715\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11715\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715"
        ],
        "name": "CVE-2019-11715",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-90",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).",
            "It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2588"
        ],
        "name": "CVE-2018-2588",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.4 is affected. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        ],
        "upstream_fix": "webkitgtk 2.20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4204\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4204"
        ],
        "name": "CVE-2018-4204",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251."
        ],
        "statement": "Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.",
        "upstream_fix": "libxml2 2.9.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14567\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14567"
        ],
        "name": "CVE-2018-14567",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.",
            "An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four."
        ],
        "statement": "This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates in the respective releases may address this issue.\nThis issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1593"
        ],
        "name": "CVE-2015-1593",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20650\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20650"
        ],
        "name": "CVE-2018-20650",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-31T00:36:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.",
            "A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14624\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14624"
        ],
        "name": "CVE-2018-14624",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9947\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9947"
        ],
        "name": "CVE-2019-9947",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-78",
        "details": [
            "The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ophir LOJKINE as the original reporter.",
        "upstream_fix": "thunderbird 68.6, firefox 68.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6811\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6811\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811"
        ],
        "name": "CVE-2020-6811",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19873\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19873"
        ],
        "name": "CVE-2018-19873",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.",
            "A flaw was found in libreoffice before 5.4.5 and before 6.0.1. Arbitrary remote file disclosure may be achieved by the use of the WEBSERVICE formula in a specially crafted ODS file."
        ],
        "upstream_fix": "libreoffice 6.0.1, libreoffice 5.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6871\nhttps://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/"
        ],
        "name": "CVE-2018-6871",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
        ],
        "upstream_fix": "libreoffice 6.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9848\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9848\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848"
        ],
        "name": "CVE-2019-9848",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Moti Harmats as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26958\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26958\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958"
        ],
        "name": "CVE-2020-26958",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se",
            "A vulnerability was found in X.Org. This flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46342\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46342"
        ],
        "name": "CVE-2022-46342",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset.",
            "It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service."
        ],
        "statement": "This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Robin Hack (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8121\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8121"
        ],
        "name": "CVE-2014-8121",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "An iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn iframe that was not permitted to run scripts could do so if the user clicked on a `javascript:` link."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "thunderbird 91.11, thunderbird 102, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34468\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34468\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34468\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34468"
        ],
        "name": "CVE-2022-34468",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.",
            "A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "statement": "- Red Hat Certificate System 10.1 has been fixed via the Red Hat Enterprise Linux 8 errata RHSA-2021:0966\n- Red Hat Certificate System 10.2 and newer are not affected by this flaw",
        "acknowledgement": "Red Hat would like to thank Fraser Tweedale and Geetika Kapoor for reporting this issue.",
        "upstream_fix": "pki-core 10.11, pki-core 10.9, pki-core 10.8, pki-core 10.10, pki-core 10.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20179\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20179"
        ],
        "name": "CVE-2021-20179",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-476",
        "details": [
            "In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.",
            "A NULL pointer dereference flaw was found in the Xirlink camera USB driver 'xirlink-cit' in the Linux kernel. The driver mishandles invalid descriptors leading to a denial-of-service (DoS). This could allow a local attacker with user privilege to crash the system or leak kernel internal information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11668\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11668"
        ],
        "name": "CVE-2020-11668",
        "mitigation": {
            "value": "The mitigation for this issue is to skip loading the affected module 'xirlink-cit' onto the system until we have a fix available. This can be done with a blacklist mechanism, which ensures the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278\n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "When inserting text while in edit mode, some characters might have led to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When inserting text in edit mode, some characters might have led to out-of-bounds memory access, causing a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22742\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22742"
        ],
        "name": "CVE-2022-22742",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7793\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793"
        ],
        "name": "CVE-2017-7793",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-20233\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-20233"
        ],
        "name": "CVE-2021-20233",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers as the original reporter.",
        "upstream_fix": "thunderbird 78.8, firefox 78.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23978\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23978\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23978"
        ],
        "name": "CVE-2021-23978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.",
            "A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14106\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14106"
        ],
        "name": "CVE-2017-14106",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3458\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3458\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3458",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.",
            "A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ryan Sleevi as the original reporter.",
        "upstream_fix": "nspr 4.10.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7183\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's \"default request-key keyring\" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.",
            "The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 14.4.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17807\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17807"
        ],
        "name": "CVE-2017-17807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "When a worker is shut down, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox < 96, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22763\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763"
        ],
        "name": "CVE-2022-22763",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.",
            "It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3144\nhttps://kb.isc.org/article/AA-01541"
        ],
        "name": "CVE-2017-3144",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10357\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10357"
        ],
        "name": "CVE-2017-10357",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIt was possible to cause the use of a MessagePort after it had already\nbeen freed, which could potentially have led to an exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yangkang of 360 ATA Team as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6205\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6205\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205"
        ],
        "name": "CVE-2023-6205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.",
            "An out of bounds write, limited to NULL bytes, was discovered in libX11 in functions XListExtensions() and XGetFontPath(). The length field is considered as a signed value, which makes the library access memory before the intended buffer. An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption."
        ],
        "statement": "To exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server run on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he already has full control of the system. If the X client runs on a different system than the X server (e.g. the DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only gain the privileges of the client, which should not be run with high privileges. For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14600\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14600"
        ],
        "name": "CVE-2018-14600",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges 360政企安全漏洞研究院 in Tianfu Cup 2020 International Cybersecurity Contest as the original reporter.",
        "upstream_fix": "thunderbird 78.4.2, firefox 78.4.1, firefox 82.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26950\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26950\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950"
        ],
        "name": "CVE-2020-26950",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3610\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3610\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3610",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-12T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service.",
            "A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the kernel packages as shipped with the Red Hat Enterprise Linux 6 starting with the Red Hat Enterprise Linux 6.7 GA version kernel-2.6.32-573. Prior Red Hat Enterprise Linux 6 kernel versions are not affected.",
        "acknowledgement": "Red Hat would like to thank Matthew Sheets (gd-ms.com) for reporting this issue.",
        "upstream_fix": "kernel 5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10711\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10711"
        ],
        "name": "CVE-2020-10711",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\nThis issue can only be resolved by applying updates.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The `VideoBridge` allowed any content process to use textures produced by remote decoders.  This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe `VideoBridge` allowed any content process to use textures produced by remote decoders.  This could be abused to escape the sandbox."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew Osmond as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6860\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6860\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860"
        ],
        "name": "CVE-2023-6860",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-363",
        "details": [
            "When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. \n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary.\n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.*"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jed Davis as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6857\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6857\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857"
        ],
        "name": "CVE-2023-6857",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1935\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1935\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-03.html"
        ],
        "name": "CVE-2016-1935",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5265\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5265\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-80.html"
        ],
        "name": "CVE-2016-5265",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2790\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2790"
        ],
        "name": "CVE-2018-2790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.",
            "A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20388\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20388"
        ],
        "name": "CVE-2019-20388",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
        ],
        "upstream_fix": "openssl 1.0.2q-dev, openssl 1.1.1a-dev, openssl 1.1.0j-dev",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0734\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0734"
        ],
        "name": "CVE-2018-0734",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.",
            "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member."
        ],
        "acknowledgement": "Red Hat would like to thank Jens Kühnel (Deutsche Börse AG) and Sandro Emma (Deutsche Börse AG) for reporting this issue.",
        "upstream_fix": "fence-agents 4.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10153\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10153"
        ],
        "name": "CVE-2019-10153",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight and Randell Jesup and Gabriele Svelto and Paul Bone and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1553\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1553\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1553\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1553"
        ],
        "name": "CVE-2024-1553",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107 and Firefox ESR 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers as the original reporter.",
        "upstream_fix": "thunderbird 102.6, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46878\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46878\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878"
        ],
        "name": "CVE-2022-46878",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.",
            "An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so."
        ],
        "statement": "Red Hat Satellite 5 are is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Jeff Janes as the original reporter.",
        "upstream_fix": "postgresql 9.4.13, postgresql 9.6.4, postgresql 9.2.22, postgresql 9.3.18, postgresql 9.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7547\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7547\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8102\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8102\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8102",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.",
            "An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "acknowledgement": "This issue was discovered by Jason Wang (Red Hat Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3900\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3900"
        ],
        "name": "CVE-2019-3900",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29984\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29984"
        ],
        "name": "CVE-2021-29984",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-10-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.",
            "It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 , 7 and Red Hat MRG 2. Future updates for the respective releases may address this flaw.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7872\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7872"
        ],
        "name": "CVE-2015-7872",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2602"
        ],
        "name": "CVE-2019-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3865\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3865\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3865",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).",
            "A command injection flaw within the Emacs \"enriched mode\" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14482\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14482"
        ],
        "name": "CVE-2017-14482",
        "mitigation": {
            "value": "This issue can be mitigated by adding the following lines to the Emacs init file (for example ~/.emacs, ~/emacs.d/init.el, site-start.el) and avoiding options that would bypass normal initialization, like 'emacs -Q':\n;; Mitigate CVE-2017-14482 in Emacs 25.2 and earlier\n(require 'enriched)\n(defun enriched-decode-display-prop (start end &optional param)\n(list start end))",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation.",
            "A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host."
        ],
        "statement": "This issue does affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. This issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "acknowledgement": "Red Hat would like to thank Lars Bull (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3611\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3611"
        ],
        "name": "CVE-2014-3611",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rh0 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5400\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5400\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400"
        ],
        "name": "CVE-2017-5400",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1837\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1837"
        ],
        "name": "CVE-2016-1837",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-04T01:29:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.",
            "A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality."
        ],
        "acknowledgement": "This issue was discovered by Xiumei Mu (Red Hat QE Engineering).",
        "upstream_fix": "Linux kernel version 5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1749\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1749"
        ],
        "name": "CVE-2020-1749",
        "mitigation": {
            "value": "Disabling the IPV6 protocol may be a suitable workaround for systems that do not require the protocol to function correctly, however, if IPV6 is not in use this flaw will not be triggered.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display, allowing for domain name spoofing attacks in the location bar. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Razmjou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5383\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383"
        ],
        "name": "CVE-2017-5383",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Shaheen Fazim as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5725\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5725\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725"
        ],
        "name": "CVE-2023-5725",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used."
        ],
        "statement": "This issue affects the versions of glib2 as shipped with Red Hat Enterprise Linux 6, 7 and 8 . Red Hat Product Security has rated this issue as having a security impact of Moderate.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12450\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12450"
        ],
        "name": "CVE-2019-12450",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-16T19:40:00Z",
        "cvss3": {
            "cvss3_base_score": "9.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.",
            "A flaw was found in xstream. An unsafe deserialization of user-supplied XML, in conjunction with relying on the default deny list, allows a remote attacker to perform a variety of attacks including a remote code execution of arbitrary code in the context of the JVM running the XStream application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/  (see SECURITY-383 / CVE-2017-2608)",
        "upstream_fix": "xstream 1.4.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26217\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26217"
        ],
        "name": "CVE-2020-26217",
        "mitigation": {
            "value": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"})\n```\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\nDeny list for XStream 1.4.7 -> 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\npublic boolean canConvert(Class type) {\nreturn type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || Proxy.isProxy(type));\n}\npublic Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\nthrow new ConversionException(\"Unsupported type due to security reasons.\");\n}\npublic void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\nthrow new ConversionException(\"Unsupported type due to security reasons.\");\n}\n}, XStream.PRIORITY_LOW);\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function `APZCTreeManager::ComputeClippedCompositionBounds` did not follow iterator invalidation rules."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 78.3, firefox 78.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15678\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15678\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678"
        ],
        "name": "CVE-2020-15678",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9445\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9445\nhttps://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html?m=1"
        ],
        "name": "CVE-2016-9445",
        "mitigation": {
            "value": "This mitigation is only required if vulnerable gstreamer-plugins-bad-free and/or gstreamer1-plugins-bad-free packages are installed.\nFor RHEL 7,\nsudo rm /usr/lib*/gstreamer-1.0/libgstvmnc.so\nsudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so\nFor RHEL 6,\nsudo rm /usr/lib*/gstreamer-0.10/libgstvmnc.so\nPlease note that this mitigation deletes the vulnerable VMware NC decoder, which removes the functionality to play VMware movie files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may result in the disclosure of process memory."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8607\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8607\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8607",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5097\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5097\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097"
        ],
        "name": "CVE-2018-5097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Root Object as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5178\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5178\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178"
        ],
        "name": "CVE-2018-5178",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15695\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15695"
        ],
        "name": "CVE-2019-15695",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.8 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2977\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2977"
        ],
        "name": "CVE-2019-2977",
        "csaw": false
    },
    {
        "public_date": "2019-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "0.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-122|CWE-190)",
        "details": [
            "libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.",
            "A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw was found to be a duplicate of CVE-2019-15690. Please see https://access.redhat.com/security/cve/CVE-2019-15690 for information about affected products and security errata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20788\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20788"
        ],
        "name": "CVE-2019-20788",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4760\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4760\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4760",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation.\nWhen route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4206\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4206\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4206",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a website called `window.print()` causing a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrei Enache as the original reporter.",
        "upstream_fix": "thunderbird 102.4, firefox 102.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42929\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42929\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42929\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929"
        ],
        "name": "CVE-2022-42929",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10999\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10999"
        ],
        "name": "CVE-2018-10999",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2973\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2973"
        ],
        "name": "CVE-2019-2973",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3180\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3180"
        ],
        "name": "CVE-2018-3180",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.0m, openssl 1.0.1h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0198\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0198\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0198",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-203",
        "details": [
            "TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.",
            "A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort (TAA) error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow information disclosure via this observed side-channel for any TSX transaction being executed while an attacker is able to observe abort timing.\nIntel's Transactional Synchronisation Extensions (TSX) are set of instructions which enable transactional memory support to improve performance of the multi-threaded applications, in the lock-protected critical sections. The CPU executes instructions in the critical-sections as transactions, while ensuring their atomic state. When such transaction execution is unsuccessful, the processor cannot ensure atomic updates to the transaction memory, so the processor rolls back or aborts such transaction execution.\nWhile TSX Asynchronous Abort (TAA) is pending, CPU may continue to read data from architectural buffers and pass it to the dependent speculative operations. This may cause information leakage via speculative side-channel means, which is quite similar to the Microarchitectural Data Sampling (MDS) issue."
        ],
        "statement": "libvirt and qemu-kvm on Red Hat Enterprise Linux 6 are not affected by this vulnerability as they do not support MSR-based CPU features.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11135\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11135\nhttps://access.redhat.com/solutions/tsx-asynchronousabort\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
        ],
        "csaw": true,
        "name": "CVE-2019-11135",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/solutions/tsx-asynchronousabort",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and  22.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22081\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22081"
        ],
        "name": "CVE-2023-22081",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Randell Jesup and Andrew McCreight and Jed Davis and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5730\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5730"
        ],
        "name": "CVE-2023-5730",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.",
            "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25652\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25652"
        ],
        "name": "CVE-2023-25652",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.",
            "A flaw was found in the Linux kernel’s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20934\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20934"
        ],
        "name": "CVE-2019-20934",
        "mitigation": {
            "value": "As the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off.\nThe method of providing this parameter depends on the operating system version, see KCS article https://access.redhat.com/solutions/23216.\nDisabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.",
            "A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server."
        ],
        "statement": "This vulnerability exists in the `telnet-server` package, not in the `telnet` client-side package. For a Red Hat Enterprise Linux host to be vulnerable, it must have telnet-server installed and the telnetd service enabled.  Use of telnetd is not recommended, as it is an un-encrypted protocol with cleartext transmission of passwords; alternatives such as openssh are preferred.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10188\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10188"
        ],
        "name": "CVE-2020-10188",
        "mitigation": {
            "value": "When in enforcing mode, SELinux as configured in Red Hat Enterprise Linux provides some mitigation against an exploit for telnet-server, because it limits the kind of operations it can perform and programs that can be run from the telnet-server's context.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.",
            "An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3181\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3181"
        ],
        "name": "CVE-2014-3181",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.",
            "It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5471\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5471"
        ],
        "name": "CVE-2014-5471",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11018\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11018"
        ],
        "name": "CVE-2020-11018",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8766\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8766\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8766",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.",
            "It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the \"lwres\" statement in named.conf."
        ],
        "upstream_fix": "bind 9.11.0b2, bind 9.10.4-P2, bind 9.9.9-S3, bind 9.9.9-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2775\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2775\nhttps://kb.isc.org/article/AA-01393/"
        ],
        "name": "CVE-2016-2775",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.",
            "It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Wheelwright as the original reporter.",
        "upstream_fix": "postgresql 9.6.3, postgresql 9.4.12, postgresql 9.3.17, postgresql 9.5.7, postgresql 9.2.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7486\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7486\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7486",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-349",
        "details": [
            "A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.",
            "A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. The hook incorrectly validated the first Netlink message in the skb only, to allow or deny the rest of the messages within the skb with the granted permissions and without further processing. At this time, there is no known ability for an attacker to abuse this flaw."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10751\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10751\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6\nhttps://lore.kernel.org/selinux/CACT4Y+b8HiV6KFuAPysZD=5hmyO4QisgxCKi4DHU3CfMPSP=yg@mail.gmail.com/\nhttps://www.openwall.com/lists/oss-security/2020/04/30/5"
        ],
        "name": "CVE-2020-10751",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCertain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kai Engert as the original reporter.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26973\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26973\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26973"
        ],
        "name": "CVE-2020-26973",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.",
            "A flaw was found in the NFSv4 implementation where, when mounting a remote attacker-controlled server, the server could return a specially crafted response, allowing for local memory corruption and possibly privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25212\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25212"
        ],
        "name": "CVE-2020-25212",
        "mitigation": {
            "value": "While there is no known mitigation to this flaw, configuring authentication and only mounting authenticated NFSv4 servers will significantly reduce the risk of this flaw being successfully exploited.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled."
        ],
        "statement": "Firefox and Thunderbird in Red Hat Enterprise Linux 8.6 and later are not affected by this vulnerability, as they use the system NSS library. Firefox and Thunderbird in earlier Red Hat Enterprise Linux 8 extended life streams were affected, and should be updated to fixed versions as they become available.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.",
        "upstream_fix": "nss 3.79.4, nss 3.88.1, thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0767\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767"
        ],
        "name": "CVE-2023-0767",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking."
        ],
        "statement": "Applications that use AbstractBasicAuthHandler, HTTPBasicAuthHandler and ProxyBasicAuthHandler may be affected by this flaw. Other classes may use the vulnerable method http_error_auth_reqed in AbstractBasicAuthHandler as well.\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as notaffected as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 3.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8492\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8492"
        ],
        "name": "CVE-2020-8492",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8782\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8782\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8782",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIt was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0742\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0742"
        ],
        "name": "CVE-2024-0742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8835\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8835\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8835",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Kirill A. Shutemov (Intel) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3288"
        ],
        "name": "CVE-2015-3288",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.",
            "An integer overflow, leading to a heap-based buffer overflow, was found in the way gdk-pixbuf, an image loading library for GNOME, scaled certain bitmap format images. An attacker could use a specially crafted BMP image file that, when processed by an application compiled against the gdk-pixbuf library, would cause that application to crash or execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue did not affect the versions of gdk-pixbuf as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gustavo Grieco as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4491\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4491\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-88.html"
        ],
        "name": "CVE-2015-4491",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
            "A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite."
        ],
        "statement": "OpenSSL security update RHSA-2016:1940 mitigates this issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.\nNSS addressed this issue by implementing limits on the amount of plain text which can be encrypted by using the same key. Once the limit is reached, the keys will need to be re-negotiated manually. This change will be available in nss-3.27.\nGnuTLS is not affected by this issue, since it prioritizes AES before 3DES in the cipher list.",
        "acknowledgement": "Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Gaëtan Leurent (Inria) and Karthikeyan Bhargavan (Inria) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2183\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2183\nhttps://access.redhat.com/articles/2548661\nhttps://access.redhat.com/errata/RHSA-2016:1940\nhttps://sweet32.info/"
        ],
        "csaw": true,
        "name": "CVE-2016-2183",
        "mitigation": {
            "value": "1. SSL/TLS configurations should prefer AES over DES. Versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7 already do so. In the version of OpenSSL shipped with Red Hat Enterprise Linux 5, 3DES is listed below the AES-256 cipher and above the AES-128 cipher; therefore, AES-256 based ciphersuites should not be disabled on the server.\n2. Servers using OpenSSL should not disable AES-128 and AES-256 ciphersuites. Versions of Apache shipped with Red Hat Enterprise Linux use the default cipher string, in which AES is preferred over DES/3DES based ciphersuites.\nFor JBoss Middleware, and Java mitigations, please review this knowledge base article:\nhttps://access.redhat.com/articles/2598471\nThis can be mitigated on OpenShift Container Platform (OCP) by disabling the vulnerable TLS cipher suite in the applicable component. TLS configuration options for OCP are described here:\nhttps://access.redhat.com/articles/5348961",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.",
            "A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9; therefore, Red Hat Enterprise Linux 8 and 9 have been rated with Moderate severity.",
        "acknowledgement": "Red Hat would like to thank Olivier Fourdan for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0409\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0409"
        ],
        "name": "CVE-2024-0409",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.",
            "A flaw was found in the way the cups-browsed daemon interpreted the \"BrowseAllow\" directive in the cups-browsed.conf file. An attacker able to add a malformed \"BrowseAllow\" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions."
        ],
        "upstream_fix": "cups-filters 1.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4338\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4338"
        ],
        "name": "CVE-2014-4338",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8615\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8615\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8615",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation.",
            "Systems using the InfiniBand support module ib_srpt were vulnerable to a denial of service (system crash) by a local attacker who is able to abort writes to a device using this initiator."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 7 and MRG-2 kernels and will be addressed in a future update. This issue does not affect Red Hat Enterprise Linux 5 and 6 systems.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6327\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6327"
        ],
        "name": "CVE-2016-6327",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77->CWE-78",
        "details": [
            "A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This flaw is exploitable only when root is tricked into running a specially crafted command. The most likely scenario is when users are allowed to run a sssctl command via a dedicated `sudo` rule.",
        "acknowledgement": "This issue was discovered by Cedric Buissart (Red Hat).",
        "upstream_fix": "sssd 2.6.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3621\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3621"
        ],
        "name": "CVE-2021-3621",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8681\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8681\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8681",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",
            "A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by named if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote high privileged attacker to manipulate cache results with incorrect records, leading to queries made to the wrong servers, possibly resulting in false information received on the client's end."
        ],
        "statement": "Versions of BIND shipped with Red Hat Enterprise Linux 8 and 9 are affected, because vulnerable code is present in our code base.\nFor RHEL-9, DHCP uses the vulnerable BIND 9 libraries (bind-9.11.14) for some services. Hence, it is affected as well.\nAuthoritative-only BIND 9 servers are not vulnerable to this flaw.",
        "acknowledgement": "Upstream acknowledges Baojun Liu (Network and Information Security Lab, Tsinghua University), Changgen Zou (Qi An Xin Group Corp), Chaoyi Lu (Network and Information Security Lab, Tsinghua University), and Xiang Li (Network and Information Security Lab, Tsinghua University) as the original reporters.",
        "upstream_fix": "bind 9.11.37, bind 9.16.27, bind 9.18.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25220\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25220\nhttps://kb.isc.org/docs/CVE-2021-25220"
        ],
        "name": "CVE-2021-25220",
        "mitigation": {
            "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use case, it may be possible to use other zone types to replace forward zones.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
            "An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite."
        ],
        "upstream_fix": "openssl 1.1.0d, openssl 1.0.2k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3731\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3731\nhttps://www.openssl.org/news/secadv/20170126.txt"
        ],
        "name": "CVE-2017-3731",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Stone as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 68.1, firefox 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11742\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11742"
        ],
        "name": "CVE-2019-11742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3902\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3902\nhttps://webkitgtk.org/security/WSA-2020-0005.html"
        ],
        "name": "CVE-2020-3902",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.",
            "A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server."
        ],
        "statement": "This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 5, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat Enterprise JBoss Enterprise Web Server 1 and 2.",
        "upstream_fix": "openssl 1.0.1j",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3513\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3513\nhttps://www.openssl.org/news/secadv_20141015.txt"
        ],
        "name": "CVE-2014-3513",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key.",
            "A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate handling implementation. A specially crafted X.509 certificate could cause an application using OpenSSL to crash if the application attempted to convert the certificate to a certificate request."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.2a, openssl 1.0.0r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0288\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0288\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0288",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2801\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2801\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2801",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-03T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.",
            "A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 5.16-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4083\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4083\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9"
        ],
        "name": "CVE-2021-4083",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-18T13:59:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "While backporting a feature for a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions that made the same error may also be affected."
        ],
        "statement": "This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable. The debug level of the bind server can be checked via the rndc status command, which will return the current trace level as \"debug level\". A value of 10 or above would most likely make this flaw exploitable.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5742\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5742\nhttps://www.openwall.com/lists/oss-security/2018/12/19/6"
        ],
        "name": "CVE-2018-5742",
        "mitigation": {
            "value": "Ensure that debug logging is disabled and set to 0. This can be verified on the Bind server by the rndc status command.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Seongil Wi as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0747\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0747\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0747"
        ],
        "name": "CVE-2024-0747",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
            "A flaw was found in the Linux kernel. Improper input validation in some Intel(R) Graphics Drivers may allow a privileged user to potentially enable a denial of service via local access."
        ],
        "statement": "To fix this issue a combination of linux-firmware and kernel update is required to be installed on the system.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12363\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12363\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "name": "CVE-2020-12363",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF."
        ],
        "statement": "* This issue does not affect Red Hat Gluster Storage 3 and Red Hat Ceph Storage 2 and 3 because these products do not use the twisted web APIs.\n* This issue does affect Red Hat Enterprise Linux 6. However, because this version is now in Maintenance Support 2 Phase and the flaw has a security impact of Moderate, it is not currently planned to be addressed in future Red Hat Enterprise Linux 6 updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata\n* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-twisted package.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12387"
        ],
        "name": "CVE-2019-12387",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.",
            "A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system."
        ],
        "upstream_fix": "git 2.3.10, git 2.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7545\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7545"
        ],
        "name": "CVE-2015-7545",
        "mitigation": {
            "value": "Avoid recursive cloning or updating of git submodules without checking the submodule URL. Non-recursive cloning is the default in git, so a user needs to change this to become vulnerable (e.g. by specifying --recursive).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
            "A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program."
        ],
        "statement": "This flaw affects versions 9.8.4 -> 9.16.32 of the Bind package, therefore Red Hat Enterprise Linux 6 is not affected.",
        "acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.",
        "upstream_fix": "bind 9.16.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38177\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38177\nhttps://kb.isc.org/docs/cve-2022-38177"
        ],
        "name": "CVE-2022-38177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel packages as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5412\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5412"
        ],
        "name": "CVE-2016-5412",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8771\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8771\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8771",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Gilbert and Kenneth Russell as the original reporters.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6821\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6821\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821"
        ],
        "name": "CVE-2020-6821",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space.",
            "A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw allows a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges."
        ],
        "statement": "On Red Hat Enterprise Linux 7, only a privileged user can trigger this bug.\nOn Red Hat Enterprise Linux 8, a regular user can trigger it, and the result is corruption of 4 bytes of memory.",
        "upstream_fix": "Kernel 5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-22555\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22555\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d\nhttps://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528"
        ],
        "name": "CVE-2021-22555",
        "mitigation": {
            "value": "The mitigation for Red Hat Enterprise Linux 8 is to prevent unprivileged users from running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET), which can be done with the following command:\necho 0 > /proc/sys/user/max_user_namespaces\nTo make this configuration change permanent, follow the steps below.\nNote: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.\nConfigure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the \"/etc/sysctl.d/\" directory:\nuser.max_user_namespaces = 0\nThe system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:\n$ sudo sysctl --system\nThe other mitigation for containers, when user namespaces are not disabled, is to block the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way screen sizes were handled by LibVNCServer. A malicious VNC server could use this flaw to cause a client to crash or, potentially, execute arbitrary code in the client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6051\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6051"
        ],
        "name": "CVE-2014-6051",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.",
            "A NULL pointer dereference flaw was found in the OpenLDAP server, during a request for renaming RDNs. This flaw allows a remote, unauthenticated attacker to crash the slapd process by sending a specially crafted request, causing a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This vulnerability affects the server side only. As a result, OpenLDAP client components, such as the component shipped in Red Hat Enterprise Linux 8, are not affected by this flaw.",
        "upstream_fix": "openldap 2.4.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25692\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25692"
        ],
        "name": "CVE-2020-25692",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11049"
        ],
        "name": "CVE-2020-11049",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10067\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10067"
        ],
        "name": "CVE-2017-10067",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-04-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a \"double-chroot attack.\"",
            "A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2925\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2925"
        ],
        "name": "CVE-2015-2925",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation.",
            "An uncontrolled recursion flaw was found in libxkbcommon in the way it parses boolean expressions. A specially crafted file provided to xkbcomp could crash the application."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15853\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15853"
        ],
        "name": "CVE-2018-15853",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).",
            "It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10078\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10078"
        ],
        "name": "CVE-2017-10078",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21365\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21365"
        ],
        "name": "CVE-2022-21365",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-94|CWE-400)",
        "details": [
            "A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.",
            "A flaw was found in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server."
        ],
        "statement": "This flaw can be exploited by an unauthenticated attacker (PR:N) who could create a specially crafted \"krbPrincipalKey\" and send it to the IPA server (AV:N).  The attack is relatively easy to conduct (AC:L), since all the attacker requires is a string which is long enough to write beyond the limits of the buffer on the stack. User interaction is required for the attack (UI:N). End result in a crash in the IPA server causing denial of service or in some conditions may also result  in remote code execution with the permissions of the user running the IPA server (CIA:H).",
        "acknowledgement": "Red Hat would like to thank Todd Lipcon (Cloudera) for reporting this issue.",
        "upstream_fix": "FreeIPA 4.7.4, FreeIPA 4.8.3, FreeIPA 4.6.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14867\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14867\nhttps://www.freeipa.org/page/Releases/4.6.7\nhttps://www.freeipa.org/page/Releases/4.7.4\nhttps://www.freeipa.org/page/Releases/4.8.3"
        ],
        "name": "CVE-2019-14867",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.",
            "A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5351\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5351\nhttp://seclists.org/bugtraq/2016/Feb/148"
        ],
        "name": "CVE-2015-5351",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.",
            "The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This is not currently planned to be addressed in future updates of the product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.14.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6927\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6927"
        ],
        "name": "CVE-2018-6927",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.",
            "A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2181\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2181\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2181",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jukka Jylänki as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4484\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4484\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-87.html"
        ],
        "name": "CVE-2015-4484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4872\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4872\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4872",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e.",
            "A flaw was found in the Linux kernel’s implementation of dropping sysctl entries. A local attacker who has access to load modules on the system can trigger a condition during module load failure and panic the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20054\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20054"
        ],
        "name": "CVE-2019-20054",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29985\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29985"
        ],
        "name": "CVE-2021-29985",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11717\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11717\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11717"
        ],
        "name": "CVE-2019-11717",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35561\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35561"
        ],
        "name": "CVE-2021-35561",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sonakkbi as the original reporter.",
        "upstream_fix": "thunderbird 102.15, thunderbird 115.2, firefox 102.15, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4574\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4574\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574"
        ],
        "name": "CVE-2023-4574",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "upstream_fix": "389-ds-base 1.3.6.14, 389-ds-base 1.3.7.10, 389-ds-base 1.4.0.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1054\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1054\nhttps://pagure.io/389-ds-base/issue/49545"
        ],
        "name": "CVE-2018-1054",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christoph Diehl, Jason Kratzer, Julian Hector, Kannan Vijayan, Randell Jesup, Ronald Crane, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5150\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5150\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150"
        ],
        "name": "CVE-2018-5150",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.",
            "A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container."
        ],
        "acknowledgement": "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard (SwiftStack) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1856\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1856"
        ],
        "name": "CVE-2015-1856",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22739\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739"
        ],
        "name": "CVE-2022-22739",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
        ],
        "upstream_fix": "chromium-browser 67.0.3396.62",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6126\nhttps://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html"
        ],
        "name": "CVE-2018-6126",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password. This vulnerability affects Firefox ESR < 102.2 and Thunderbird < 102.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA data race could occur in the PK11_ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marian Laza as the original reporter.",
        "upstream_fix": "firefox 102.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38476\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38476\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38476"
        ],
        "name": "CVE-2022-38476",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jose Martinez and Romina Santillan as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1957\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1957\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-20.html"
        ],
        "name": "CVE-2016-1957",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-357",
        "details": [
            "An OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, the email's date will be shown. If the dates were different, then Thunderbird didn't report the email as having an invalid signature. If an attacker performed a replay attack, in which an old email with old contents are resent at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email. This vulnerability affects Thunderbird < 102 and Thunderbird < 91.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this issue of when an OpenPGP digital signature includes information about the date when the signature was created. When displaying an email that contains a digital signature, it will show the email's date. If the dates were different, Thunderbird didn't report the email as having an invalid signature. If an attacker performs a replay attack, in which an old email with old contents is present at a later time, it could lead the victim to believe that the statements in the email are current. Fixed versions of Thunderbird will require that the signature's date roughly matches the displayed date of the email."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nickolay Olshevsky as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2226\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2226\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226"
        ],
        "name": "CVE-2022-2226",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-203",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35603\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35603"
        ],
        "name": "CVE-2021-35603",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",
            "An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size (MSS) of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increases the Linux kernel's resource (CPU, Memory, and Bandwidth) utilization. A remote attacker could use this flaw to cause a denial of service (DoS) by repeatedly sending network traffic on a TCP connection with low TCP MSS."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack\nRed Hat Enterprise Linux 5 is now in the Extended Life Phase of maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11479\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11479\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"
        ],
        "name": "CVE-2019-11479",
        "mitigation": {
            "value": "For mitigation, please refer to the Red Hat Knowledgebase article:  https://access.redhat.com/security/vulnerabilities/tcpsack",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.",
            "It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 as of now due to the absence of unprivileged mount name spaces support.\nNevertheless, the unprivileged mount name spaces might be added to a future RHEL-7 version as a supported feature, so future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Qian Cai (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6213\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6213"
        ],
        "name": "CVE-2016-6213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.",
            "An out-of-bounds write flaw was found in the way Libreoffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "libreoffice 5.2.5, libreoffice 5.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7870\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7870"
        ],
        "name": "CVE-2017-7870",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7847\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7847\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847"
        ],
        "name": "CVE-2017-7847",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.",
            "It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0466\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0466",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.",
            "A flaw was found in the way the Xserver memory was not properly initialized. This issue leak parts of server memory to the X client. In cases where the Xorg server runs with elevated privileges, this flaw results in a possible ASLR bypass."
        ],
        "acknowledgement": "Red Hat would like to thank X.org project for reporting this issue. Upstream acknowledges Jan-Niklas Sohn (Trend Micro Zero Day Initiative) as the original reporter.",
        "upstream_fix": "xorg-server 1.20.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14347\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14347\nhttps://lists.x.org/archives/xorg-announce/2020-July/003051.html"
        ],
        "name": "CVE-2020-14347",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-13T21:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.",
            "A Floating Point Unit (FPU) state information leakage flaw was found in the way the Linux kernel saved and restored the FPU state during task switch. Linux kernels that follow the \"Lazy FPU Restore\" scheme are vulnerable to the FPU state information leakage issue. An unprivileged local attacker could use this flaw to read FPU state bits by conducting targeted cache side-channel attacks, similar to the Meltdown vulnerability disclosed earlier this year."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2 may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Moderate security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3665\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3665\nhttp://www.openwall.com/lists/oss-security/2018/06/15/5\nhttps://access.redhat.com/solutions/3485131\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
        ],
        "name": "CVE-2018-3665",
        "mitigation": {
            "value": "RHEL-7 will automatically default to (safe) “eager” floating point register restore on Sandy Bridge and newer Intel processors. AMD processors are not affected. You can mitigate this issue on older processors by booting the kernel with the 'eagerfpu=on' parameter to enable eager FPU restore mode.  In this mode FPU state is saved and restored for every task/context switch regardless of whether the current process invokes FPU instructions or not. The parameter does not affect performance negatively, and can be applied with no adverse effects to processors that are not affected.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Noah Lokocz and Kevin Brosnan and Ryan VanderMeulen and the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2614\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2614\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2614\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2614"
        ],
        "name": "CVE-2024-2614",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.",
            "It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "upstream_fix": "curl 7.50.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5420\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5420\nhttps://curl.haxx.se/docs/adv_20160803B.html"
        ],
        "name": "CVE-2016-5420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
            "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18281\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18281"
        ],
        "name": "CVE-2018-18281",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luan Herrera as the original reporter.",
        "upstream_fix": "thunderbird 102.9, firefox 102.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-28164\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28164\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28164\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28164"
        ],
        "name": "CVE-2023-28164",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in pki-core. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Red Hat Enterprise Linux 8.3 (pki-core 10.9.4) contains mitigations that prevents the vulnerability to be exploited. Red Hat Enterprise Linux version 8 prior to 8.3 are vulnerable to this version",
        "upstream_fix": "pki-core 10.9.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25715\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25715"
        ],
        "name": "CVE-2020-25715",
        "mitigation": {
            "value": "Because the cross-site scripting (XSS) attack requires the victim to have their RHCS certificate installed in their web browser to be successful, it is recommended that web browser not hold the keys and that the user use the command line interface (CLI) instead.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
            "It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server."
        ],
        "upstream_fix": "httpd 2.2.34, httpd 2.4.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9788\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9788\nhttps://httpd.apache.org/security/vulnerabilities_22.html#2.2.34\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.27"
        ],
        "name": "CVE-2017-9788",
        "mitigation": {
            "value": "If you do not use digest authentication, do not load the \"auth_digest_module\".\nFor example, on RHEL 7, this can be done by commenting out or removing the\n\"LoadModule auth_digest_module modules/mod_auth_digest.so\"\nline within the /etc/httpd/conf.modules.d/00-base.conf configuration file and restarting the service.\nYou can then use the \"httpd -t -D DUMP_MODULES\" command to verify that the module is no longer loaded.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.",
            "A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget."
        ],
        "statement": "This is the same issue as CVE-2017-5645. MITRE has CVE-2017-5645 to a similar flaw found in log4j-2.x. The flaw found in log4j-1.2 has been assigned CVE-2019-17571. CVE-2019-17571 has been addressed in Red Hat Enterprise Linux via RHSA-2017:2423.\nAlso the rh-java-common-log4j package shipped with Red Hat Software Collections was addressed via RHSA-2017:1417\nIn Satellite 5.8, although the version of log4j as shipped in the nutch package is affected, nutch does not load any of the SocketServer classes from log4j. Satellite 5 is considered not vulnerable to this flaw since the affected code can not be reached.",
        "upstream_fix": "log4j 2.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17571\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17571"
        ],
        "name": "CVE-2019-17571",
        "mitigation": {
            "value": "Please note that the Log4j upstream strongly recommends against using the SerializedLayout with the SocketAppenders. Customers may mitigate this issue by removing the SocketServer class outright; or if they must continue to use SocketAppenders, they can modify their SocketAppender configuration from SerializedLayout to use JsonLayout instead. An example of this in log4j-server.properties might look like this:\nlog4j.appender.file.layout=org.apache.log4j.JsonLayout",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a group key handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13080\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13080\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-407",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4803\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4803",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4479\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4479\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4479",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.",
            "An out-of-bounds flaw was found in the ALSA usb-audio subsystem in the Linux kernel. An array boundary check was needed to restrict the array size; failing this can cause an out-of-bound access problem. Data confidentiality and integrity, as well as system availability, are all threats with this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15927\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15927"
        ],
        "name": "CVE-2019-15927",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.",
            "A flaw was found in the Linux kernel where a crash can be triggered from unprivileged userspace during core dump on a POWER system with a certain configuration. This is due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path leading to a denial of service."
        ],
        "upstream_fix": "kernel-3.10.0 862.1.1.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1091\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1091"
        ],
        "name": "CVE-2018-1091",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.",
            "A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10200\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10200"
        ],
        "name": "CVE-2016-10200",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14583\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14583"
        ],
        "name": "CVE-2020-14583",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-350",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21012\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21012\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21012",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOffscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kirtikumar Anandrao Ramchandani as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5693\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5693\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5693\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5693"
        ],
        "name": "CVE-2024-5693",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object."
        ],
        "upstream_fix": "binutils 2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7208\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7208"
        ],
        "name": "CVE-2018-7208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5095\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5095\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095"
        ],
        "name": "CVE-2018-5095",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8666\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information."
        ],
        "statement": "Red Hat Virtualization images include wpa_supplicant as a component from the base Red Hat Enterprise Linux operating system, but use of Red Hat Virtualization on a wireless network is neither recommended nor supported. A future update may address this issue.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14526\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14526"
        ],
        "name": "CVE-2018-14526",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ahmed Elsobky (@0xSobky) as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12397\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12397\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397"
        ],
        "name": "CVE-2020-12397",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when exiting fullscreen mode, an iframe could have confused the browser about the current state of the fullscreen, resulting in potential user confusion or spoofing attacks."
        ],
        "upstream_fix": "firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31738\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31738"
        ],
        "name": "CVE-2022-31738",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator."
        ],
        "upstream_fix": "glibc 2.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15804\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15804"
        ],
        "name": "CVE-2017-15804",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5376\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5376\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376"
        ],
        "name": "CVE-2017-5376",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally."
        ],
        "upstream_fix": "python 2.7.17, python 3.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16056\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16056"
        ],
        "name": "CVE-2019-16056",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.",
            "It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections."
        ],
        "upstream_fix": "squid 3.5.23, squid 4.0.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10002\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10002\nhttp://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
        ],
        "name": "CVE-2016-10002",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.",
            "A vulnerability was found in the way the ipaddress python module computes hash values in the IPv4Interface and IPv6Interface classes. This flaw allows an attacker to create many dictionary entries, due to the performance of a dictionary containing the IPv4Interface or IPv6Interface objects, possibly resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "In Red Hat Enterprise Linux, python3 includes the ipaddress module by default, while for python2 a separate package, python-ipaddress, needs to be installed for the module to be used. Moreover, the ipaddress module is included in other packages as well, like python-pip.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14422\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14422"
        ],
        "name": "CVE-2020-14422",
        "mitigation": {
            "value": "As a short term solution, if your application is using the IPv4Interface/IPv6Interface classes as keys of a dictionary, it is possible to patch the __hash__ method of those classes to not be constant.\n```\nIPv4Interface.__hash__ = lambda self: hash((self._ip, self._prefixlen, int(self.network.network_address)))\nIPv6Interface.__hash__ = lambda self: hash((self._ip, self._prefixlen, int(self.network.network_address)))\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.",
            "It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed."
        ],
        "upstream_fix": "tomcat 7.0.67, tomcat 6.0.45, tomcat 8.0.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5345\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5345\nhttp://seclists.org/bugtraq/2016/Feb/146"
        ],
        "name": "CVE-2015-5345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8676\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8676\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8676",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
            "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as a code with the flaw is not present or is not built in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17449\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17449"
        ],
        "name": "CVE-2017-17449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-125",
        "details": [
            "In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132"
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0093\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0093"
        ],
        "name": "CVE-2020-0093",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
        "upstream_fix": "libwebp 1.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36328\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36328"
        ],
        "name": "CVE-2020-36328",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-95",
        "details": [
            "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color=\"' followed by arbitrary Python code.",
            "A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution."
        ],
        "statement": "This vulnerability will not be fixed in Red Hat Quay because it only affects a non-supported feature which is disabled behind a feature flag.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17626\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17626"
        ],
        "name": "CVE-2019-17626",
        "mitigation": {
            "value": "No known mitigation available.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.",
            "A NULL pointer dereference flaw was found in MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3120\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3120"
        ],
        "name": "CVE-2016-3120",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7800\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7800"
        ],
        "name": "CVE-2017-7800",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "Signatures are written to disk before and read during verification, which might be subject to a race condition when a malicious local process or user is replacing the file. This vulnerability affects Thunderbird < 78.10."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cure53 as the original reporter.",
        "upstream_fix": "thunderbird 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29948\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29948\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-29948"
        ],
        "name": "CVE-2021-29948",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox would not have noticed."
        ],
        "upstream_fix": "thunderbird 91.7, firefox 91.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-26387\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-26387"
        ],
        "name": "CVE-2022-26387",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1275",
        "details": [
            "When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: When a ServiceWorker intercepted a request with FetchEvent, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dongsung Kim as the original reporter.",
        "upstream_fix": "firefox 102.5, thunderbird 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45410\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45410\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45410"
        ],
        "name": "CVE-2022-45410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue in which Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and ESR 102.8. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.9, firefox 102.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-28176\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28176\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176"
        ],
        "name": "CVE-2023-28176",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2023-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.",
            "Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
        ],
        "upstream_fix": "squid 6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46847\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46847\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
        ],
        "name": "CVE-2023-46847",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2988\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2988"
        ],
        "name": "CVE-2019-2988",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-400|CWE-787)",
        "details": [
            "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
            "A buffer overflow flaw in httpd's lua module could allow an out-of-bounds write. An attacker who is able to submit a crafted request to an httpd instance that is using the lua module may be able to cause an impact to confidentiality, integrity, and/or availability."
        ],
        "statement": "httpd as shipped in Red Hat Enterprise Linux 6 is NOT affected by this flaw because it does not ship mod_lua.",
        "upstream_fix": "httpd 2.4.52",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-44790\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44790\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-44790",
        "mitigation": {
            "value": "Disabling mod_lua and restarting httpd will mitigate this flaw. See https://access.redhat.com/articles/10649 for more information.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.",
            "It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords."
        ],
        "statement": "Red Hat Satellite 5 are is in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters.",
        "upstream_fix": "postgresql 9.3.18, postgresql 9.6.4, postgresql 9.2.22, postgresql 9.4.13, postgresql 9.5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7546\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7546\nhttps://www.postgresql.org/about/news/1772/"
        ],
        "name": "CVE-2017-7546",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 as they did not include the support for printing image ICC profile and recursive image structure where the vulnerability occured.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18915\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18915"
        ],
        "name": "CVE-2018-18915",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3857\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3857\nhttps://www.libssh2.org/CVE-2019-3857.html"
        ],
        "name": "CVE-2019-3857",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",
            "A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Anat Bremler-Barr (Interdisciplinary Center (IDC), Herzliya), and Lior Shafir and Yehuda Afek (Tel Aviv University) as the original reporters.",
        "upstream_fix": "bind 9.11.19, bind 9.14.12, bind 9.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8616\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8616\nhttps://kb.isc.org/docs/cve-2020-8616\nhttps://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/"
        ],
        "name": "CVE-2020-8616",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges SkyLined as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7753\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7753\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7753"
        ],
        "name": "CVE-2017-7753",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling.",
            "A flaw was found in the Linux kernel when attempting to \"punch a hole\" in files existing on an ext4 filesystem. When punching holes into a file races with the page fault of the same area, it is possible that freed blocks remain referenced from page cache pages mapped to process' address space."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 kernels.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8839\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8839"
        ],
        "name": "CVE-2015-8839",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bogdan Tara, Gary Kwong, Jan Varga, Jan de Mooij, Jason Kratzer, Olli Pettay, Ronald Crane, Ted Campbell, Tim Guan-tin Chien, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9800\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9800"
        ],
        "name": "CVE-2019-9800",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-22T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
            "A flaw was found in the SQL plugin shipped with Cyrus SASL.  The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and the ability to change the passwords for other accounts allowing escalation of privileges."
        ],
        "upstream_fix": "cyrus-sasl 2.1.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-24407\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24407\nhttps://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
        ],
        "name": "CVE-2022-24407",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character.",
            "A flaw was found in the Linux kernel's implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11884\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11884"
        ],
        "name": "CVE-2019-11884",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4731\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4731\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4731",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: Certain browser prompts and dialogs could be activated or dismissed unintentionally by the user due to an insufficient activation delay."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kelsey Gilbert as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5721\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5721\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5721"
        ],
        "name": "CVE-2023-5721",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10772\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10772"
        ],
        "name": "CVE-2018-10772",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2590\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2590",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It is possible to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening a remote attachment which is a different file type than expected. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5170\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5170\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170"
        ],
        "name": "CVE-2018-5170",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.",
            "It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue did affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. This issue\nhas been addressed in the respective releases.",
        "acknowledgement": "Red Hat would like to thank Mellanox for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8159\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8159"
        ],
        "name": "CVE-2014-8159",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4768\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4768\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4768\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4768"
        ],
        "name": "CVE-2024-4768",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15691\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15691"
        ],
        "name": "CVE-2019-15691",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-01-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.",
            "An information leak flaw was found in the RAM Disks Memory Copy (rd_mcp) backend driver of the iSCSI Target subsystem of the Linux kernel. A privileged user could use this flaw to leak the contents of kernel memory to an iSCSI initiator remote client."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel package as shipped with Red Hat Enterprise Linux 6 and 7. Future kernel updates for Red Hat Enterprise Linux 6 and 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4027\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4027"
        ],
        "name": "CVE-2014-4027",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).",
            "It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10243\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10243\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixJAVA"
        ],
        "name": "CVE-2017-10243",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11037\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11037"
        ],
        "name": "CVE-2018-11037",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8623\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8623\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8623",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.",
            "It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "upstream_fix": "libxml2 2.9.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0191\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0191"
        ],
        "name": "CVE-2014-0191",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.",
            "It was discovered that OpenSSL would perform an ECDH key exchange with a non-ephemeral key even when the ephemeral ECDH cipher suite was selected. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method than the one requested by the user."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 0.9.8zd, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3572\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3572\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3572",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.",
            "A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops)."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise\nLinux 5,6,7, MRG-2 and realtime kernels.\nRed Hat Enterprise Linux 5 has transitioned to Production phase 3.  \nDuring the Production 3 Phase, Critical impact Security Advisories (RHSAs) \nand selected Urgent Priority Bug Fix Advisories (RHBAs) may be released \nas they become available.\nAt this time this bug is not meet this critera and is unlikley to be fixed\nfor these releases.\nThe official life cycle policy can be reviewed here:\nhttp://redhat.com/rhel/lifecycle\nFuture Linux kernel updates for the products in production phase 1 and 2, namely Red Hat Enterprise\nLinux 6, 7 and MRG-2 may address this issue.",
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15274\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15274"
        ],
        "name": "CVE-2017-15274",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7751\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751"
        ],
        "name": "CVE-2017-7751",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nFollowing a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29535\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29535\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29535"
        ],
        "name": "CVE-2023-29535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-170",
        "details": [
            "A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.",
            "A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Bas Alberts (GitHub Security Lab Team) as the original reporter.",
        "upstream_fix": "samba 4.11.15, samba 4.12.9, samba 4.13.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14323\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14323\nhttps://www.samba.org/samba/security/CVE-2020-14323.html"
        ],
        "name": "CVE-2020-14323",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-09-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-770->CWE-305",
        "details": [
            "GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is used, does not limit the aggregate memory consumption of all active PrtSc requests, which allows physically proximate attackers to execute arbitrary commands on an unattended workstation by making many PrtSc requests and leveraging a temporary lock outage, and the resulting temporary shell availability, caused by the Linux kernel OOM killer.",
            "It was found that the Gnome shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large amount of screenshots."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7300\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7300"
        ],
        "name": "CVE-2014-7300",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "On pages containing an iframe, the \"data:\" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jose María Acuña as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7791\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7791\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7791"
        ],
        "name": "CVE-2017-7791",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).",
            "The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2634\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2634"
        ],
        "name": "CVE-2018-2634",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\nWe recommend upgrading past commit   https://www.google.com/url  https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url",
            "A use-after-free flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_connect and l2cap_le_connect_req functions. An attacker with physical access within the range of standard Bluetooth transmission could execute code leaking kernel memory via Bluetooth if within proximity of the victim."
        ],
        "upstream_fix": "kernel 6.1-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42896\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42896\nhttps://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4"
        ],
        "name": "CVE-2022-42896",
        "mitigation": {
            "value": "This flaw can be mitigated by disabling Bluetooth on the operating system level. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. For instructions on how to disable Bluetooth on RHEL please refer to https://access.redhat.com/solutions/2682931.\nAlternatively Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
            "Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks."
        ],
        "upstream_fix": "httpd 2.4.16, httpd 2.2.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3183"
        ],
        "name": "CVE-2015-3183",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.",
            "A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker could submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded, which in turn allowed the attacker to run arbitrary code on the CUPS server."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank CERT/CC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1158\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1158"
        ],
        "name": "CVE-2015-1158",
        "mitigation": {
            "value": "Disabling the cups web interface significantly reduces the impact of this security flaw.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe black fade animation when exiting fullscreen is roughly\nthe length of the anti-clickjacking delay on permission prompts.\nIt was possible to use this fact to surprise users by luring them\nto click where the permission grant button would be about to appear."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6206\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6206\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206"
        ],
        "name": "CVE-2023-6206",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22827\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22827\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22827",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-12-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15690\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15690"
        ],
        "name": "CVE-2019-15690",
        "mitigation": {
            "value": "Libvncserver should not be used to connect to untrusted server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.",
            "An out of bounds (OOB) memory access flaw was found in i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c in I2C subsystem. A read request for length (data->block[0]) greater than 'I2C_SMBUS_BLOCK_MAX + 1' may cause underlying I2C driver write out of array's boundary. This could allow a local attacker with special user privilege (or root) to crash the system or leak kernel internal information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18551\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18551"
        ],
        "name": "CVE-2017-18551",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5297\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5297\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-5297",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-11-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.",
            "The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17805\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17805"
        ],
        "name": "CVE-2017-17805",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5259\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5259\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-73.html"
        ],
        "name": "CVE-2016-5259",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.",
            "A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7805\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7805"
        ],
        "name": "CVE-2017-7805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2369\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2369"
        ],
        "name": "CVE-2021-2369",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2799\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2799"
        ],
        "name": "CVE-2018-2799",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.",
            "A flaw was found in FreeRDP in versions between 1.0 and 2.0.0. An integer overflow was found in the region.c function which could allow an attacker the ability to control the RDP server as well as the data sent to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11523\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11523"
        ],
        "name": "CVE-2020-11523",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\"",
            "The Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve a guest virtual address (gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12188\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12188"
        ],
        "name": "CVE-2017-12188",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains a heap out-of-bound write vulnerability in the server code of the file transfer extension that can result in remote code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15127\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15127\nhttps://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/"
        ],
        "name": "CVE-2018-15127",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-184",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.",
            "A flaw was found in GRUB 2, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The kernel further loads and executes the table, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code."
        ],
        "statement": "For a successful attack to occur, the attacker needs to triage the environment to determine where the lockdown variable symbol is placed in memory when the kernel is loaded. Then the SSDT table needs to be written accordingly into this memory position and the grub.cfg file needs to be changed to load the table during the boot time.",
        "acknowledgement": "Red Hat would like to thank Máté Kukri for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14372\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14372\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-003"
        ],
        "csaw": true,
        "name": "CVE-2020-14372"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16392\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16392\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16392",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35578\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35578"
        ],
        "name": "CVE-2021-35578",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8583\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8583\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-119",
        "details": [
            "Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.",
            "A flaw was found in the way the json module handled negative index argument passed to certain functions (such as raw_decode()). An attacker able to control index value passed to one of the affected functions could possibly use this flaw to disclose portions of the application memory."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 7, the versions of python-simplejson as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of python33-python and python33-python-simplejson as shipped with Red Hat Software Collections. Red Hat Product Security has rated this issue as having Moderate security impact. Future updates may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "python 2.7.7, python 3.3.6, python 3.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4616\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4616"
        ],
        "name": "CVE-2014-4616",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.",
            "A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4343\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4343"
        ],
        "name": "CVE-2014-4343",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21299\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21299"
        ],
        "name": "CVE-2022-21299",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14621\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14621"
        ],
        "name": "CVE-2020-14621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-179|CWE-1173)",
        "details": [
            "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system."
        ],
        "statement": "This bug was introduced in gzip-1.3.10 and is relatively hard to exploit.\nRed Hat Enterprise Linux 6 was affected but Out of Support Cycle because gzip was not listed in Red Hat Enterprise Linux 6 ELS Inclusion List.\nhttps://access.redhat.com/articles/4997301",
        "upstream_fix": "gzip 1.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1271\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1271"
        ],
        "name": "CVE-2022-1271",
        "mitigation": {
            "value": "Red Hat has investigated whether possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Plaintext of decrypted emails can leak through the src attribute of remote images, or links. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5162\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5162\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162"
        ],
        "name": "CVE-2018-5162",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.",
            "A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zürich) and Kaveh Razavi (ETH Zürich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23816\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23816\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037"
        ],
        "name": "CVE-2022-23816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.",
            "An integer overflow flaw was found in the way the X.Org server calculated memory requirements for certain DRI2 extension requests. A malicious, authenticated client could use this flaw to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8094\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8094\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8094",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-31T13:41:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox.",
            "It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10185\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10185"
        ],
        "name": "CVE-2019-10185",
        "mitigation": {
            "value": "No known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, as seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.",
            "A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "The glibc version shipped with Red Hat Enterprise Linux 8 is compiled using gcc's stack-protector option which mitigates the possibility of code execution led by the stack corruption.\nThe glibc version shipped with Red Hat Enterprise Linux 7 is more difficult to exploit using this flaw, specifically for remote code execution. Because exploitation of the flaw depends on the usage of pseudo-zero values, an attacker can only overwrite the stack with 0s. Due to this, a valid address value for code execution is difficult to get and is likely to only result in a crash.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10029\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10029"
        ],
        "name": "CVE-2020-10029",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.",
            "It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read. A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Tetsuo Handa for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2847\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2847"
        ],
        "name": "CVE-2016-2847",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.",
            "It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, preventing further legitimate connections to the Tomcat server from being made."
        ],
        "upstream_fix": "tomcat 8.0.9, tomcat 6.0.44, tomcat 7.0.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0230\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0230\nhttp://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9"
        ],
        "name": "CVE-2014-0230",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8895\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8895"
        ],
        "name": "CVE-2015-8895",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940.",
            "An information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16658\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16658"
        ],
        "name": "CVE-2018-16658",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.",
            "An error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5803\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5803"
        ],
        "name": "CVE-2018-5803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.",
            "It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2179\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2179\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2179",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation."
        ],
        "statement": "This issue only affects systems which use a remote recursive resolver and enable EDNS0, either with the “edns0” option in /etc/resolv.conf, or using the RES_USE_EDNS0 or RES_USE_DNSSEC resolver flags. The underlying issue affects recursive resolvers such as BIND and Unbound as well, and has to be fixed separately there.",
        "upstream_fix": "glibc 2.26",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12132\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12132"
        ],
        "name": "CVE-2017-12132",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1."
        ],
        "statement": "This flaw exists if the user selects to use a \"blksize\" of 504 or smaller (default is 512). The smaller size that is used, the larger the possible overflow becomes.\nUsers choosing a smaller size than default should be rare as the primary use case for changing the size is to make it larger. It is rare for users to use TFTP across the Internet. It is most commonly used within local networks.",
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges l00p3r as the original reporter.",
        "upstream_fix": "curl 7.65.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5436\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5436\nhttps://curl.haxx.se/docs/CVE-2019-5436.html"
        ],
        "name": "CVE-2019-5436",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4734\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4734\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4734",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while adjusting layout during SVG animations with text paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5155\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5155\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155"
        ],
        "name": "CVE-2018-5155",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.",
            "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3620\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3620\nhttps://access.redhat.com/articles/3562741\nhttps://access.redhat.com/security/vulnerabilities/L1TF\nhttps://foreshadowattack.eu/\nhttps://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault\nhttps://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow\nhttps://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        ],
        "csaw": true,
        "name": "CVE-2018-3620"
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14593\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14593"
        ],
        "name": "CVE-2020-14593",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nUnder certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43536\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43536"
        ],
        "name": "CVE-2021-43536",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-172->CWE-697->CWE-295",
        "details": [
            "The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
            "It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid."
        ],
        "upstream_fix": "nss 3.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1492\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1492"
        ],
        "name": "CVE-2014-1492",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-457",
        "details": [
            "A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.10, firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31741\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31741\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741"
        ],
        "name": "CVE-2022-31741",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause crash or potential code execution.",
            "It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc.c allocating fixed size buffers using 'alloca(3)'. An authenticated attacker could exploit this by mounting a gluster volume and sending a string longer than the fixed buffer size to cause crash or potential code execution."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10907\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10907"
        ],
        "name": "CVE-2018-10907",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A potentially exploitable crash in \"EnumerateSubDocuments\" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Philipp as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9905\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9905\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9905"
        ],
        "name": "CVE-2016-9905",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2999\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2999"
        ],
        "name": "CVE-2019-2999",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18267\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18267"
        ],
        "name": "CVE-2017-18267",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Iain Ireland as the original reporter.",
        "upstream_fix": "thunderbird 68.9.0, firefox 68.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12406\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12406\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406"
        ],
        "name": "CVE-2020-12406",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a \"StartTLS stripping attack.\"",
            "It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0772\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0772"
        ],
        "name": "CVE-2016-0772",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property \"hsqldb.method_class_names\" to classes which are allowed to be called. For example, System.setProperty(\"hsqldb.method_class_names\", \"abc\") or Java argument -Dhsqldb.method_class_names=\"abc\" can be used. From version 2.7.1 all classes by default are not accessible except those in java.lang.Math and need to be manually enabled.",
            "A flaw was found in the HSQLDB package. This flaw allows untrusted inputs to execute remote code due to any static method of any Java class in the classpath, resulting in code execution by default."
        ],
        "upstream_fix": "hsqldb 2.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-41853\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41853\nhttp://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control\nhttps://github.com/advisories/GHSA-77xx-rxvh-q682"
        ],
        "name": "CVE-2022-41853",
        "mitigation": {
            "value": "By default, the static methods of any class that is on the classpath are available for use and can compromise security in some systems. The optional Java system property, hsqldb.method_class_names, allows preventing access to classes other than java.lang.Math or specifying a semicolon-separated list of allowed classes. A property value that ends with .* is treated as a wild card and allows access to all class or method names formed by substitution of the * (asterisk).\nIn the example below, the property has been included as an argument to the Java command.\njava -Dhsqldb.method_class_names=\"org.me.MyClass;org.you.YourClass;org.you.lib.*\" [the rest of the command line]\nThe above example allows access to the methods in the two classes: org.me.MyClass and org.you.YourClass together with all the classes in the org.you.lib package. Note that if the property is not defined, no access control is performed at this level.\nThe user who creates a Java routine must have the relevant access privileges on the tables that are used inside the Java method.\nOnce the routine has been defined, the normal database access control applies to its user. The routine can be executed only by those users who have been granted EXECUTE privileges on it. Access to routines can be granted to users with GRANT EXECUTE or GRANT ALL. For example, GRANT EXECUTE ON myroutine TO PUBLIC.\nIn hsqldb 2.7.1, all classes by default are not accessible, except those in java.lang.Math and need to be manually enabled.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.",
            "A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability."
        ],
        "statement": "OpenDaylight in Red Hat OpenStack 10 & 13 was in technical preview status, because of this no fixes will be released for it.\nIn Red Hat Satellite 6, Candlepin is using Tomcat to provide a REST API, and has been found to be vulnerable to the flaw. However, it is currently believed that no useful attacks can be carried over.",
        "acknowledgement": "Red Hat would like to thank @ZeddYu (Apache Tomcat Security Team) for reporting this issue.",
        "upstream_fix": "tomcat 9.0.31, tomcat 8.5.51, tomcat 7.0.100",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1935\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1935\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100\nhttps://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51\nhttps://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.31"
        ],
        "name": "CVE-2020-1935",
        "mitigation": {
            "value": "The workaround for Red Hat Satellite 6 is to add an iptables rule to deny TCP requests to Tomcat that are not originating from the Satellite.\nFor other Red Hat products, either mitigation isn't available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-295|CWE-296)",
        "details": [
            "It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.",
            "It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference."
        ],
        "upstream_fix": "evolution-ews 3.31.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3890\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3890"
        ],
        "name": "CVE-2019-3890",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.",
            "An integer wraparound was discovered in glib due to passing a 64 bit sized value to function g_memdup() which accepts a 32 bits number as argument. An attacker may abuse this flaw when an application linked against the glib library uses g_bytes_new() function or possibly other functions that use g_memdup() underneath and accept a 64 bits argument as size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Applications that just use GBytes to access the data are affected by this flaw but the highest threat is to data confidentiality and/or the application availability, due to possible out-of-bounds reads. However, if the data in GBytes is taken through functions such as g_bytes_unref_to_data or g_bytes_unref_to_array it might be possible to have out-of-bounds writes due to the wrongly reported size of the buffer.\nApplications that use g_memdup to duplicate memory with user-controlled sizes should pay extra attention to the fact that g_memdup accepts a guint size instead of gsize. Thus directly passing a gsize value to g_memdup may result in integer truncation, allocating a buffer smaller than expected.",
        "upstream_fix": "glib 2.67.3, glib 2.66.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27219\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27219"
        ],
        "name": "CVE-2021-27219",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9791\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9791\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9791"
        ],
        "name": "CVE-2019-9791",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 3.5.17, squid 4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4052\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4052\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4052",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10881\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10881"
        ],
        "name": "CVE-2018-10881",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."
        ],
        "statement": "Red Hat Enterprise Satellite 5 is now in Maintenance Support 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 5 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0, bootstrap 4.0.0-beta.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10735\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10735"
        ],
        "name": "CVE-2016-10735",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-1999\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1999\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999"
        ],
        "name": "CVE-2023-1999",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.",
            "A memory leak flaw was found in the Linux kernel. An error in the resource cleanup of the sas_ex_discover_expander function can allow an attacker to induce error conditions that could crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error/resource cleanup code path (system-wide out-of-memory condition, high privileges or physical access).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15807\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15807"
        ],
        "name": "CVE-2019-15807",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar and the resulting bookmark is subsequently dragged and dropped into the web content area, an arbitrary query of a user's browser history can be run and transmitted to the content page via drop event data. This allows for the theft of browser history by a malicious site. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11698\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11698\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11698"
        ],
        "name": "CVE-2019-11698",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3598\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3598\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.",
            "A man-in-the-middle vulnerability was found in the way \"connection signing\" was implemented by Samba. A remote attacker could use this flaw to downgrade an existing Samba client connection and force the use of plain text."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Sernet.de and Stefan Metzmacher (Samba Team) as the original reporters.",
        "upstream_fix": "samba 4.1.22, samba 4.2.7, samba 4.3.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5296\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5296\nhttps://www.samba.org/samba/security/CVE-2015-5296.html"
        ],
        "name": "CVE-2015-5296",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2814\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2814"
        ],
        "name": "CVE-2018-2814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet.",
            "A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE payloads. A remote attacker could send a specially crafted IKE payload with a KE payload of g^x=0 that, when processed, would lead to a denial of service (daemon crash)."
        ],
        "acknowledgement": "This issue was discovered by Paul Wouters (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3240\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3240\nhttps://libreswan.org/security/CVE-2015-3240/"
        ],
        "name": "CVE-2015-3240",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10089\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10089"
        ],
        "name": "CVE-2017-10089",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T03:50:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A vulnerability was found in the Linux kernel's implementation of overlayfs, in versions up to 3.10. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).",
            "A vulnerability was found in Linux kernel's implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS)."
        ],
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10140\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10140"
        ],
        "name": "CVE-2019-10140",
        "mitigation": {
            "value": "Some systems may wish to use device-mapper as an alternative to overlayfs.  This does not remove the flaw if overlayfs module is still in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls.",
            "A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls."
        ],
        "acknowledgement": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo Team) for reporting this issue.",
        "upstream_fix": "kernel 4.16-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1130"
        ],
        "name": "CVE-2018-1130",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a crafted sctp_accept call.",
            "A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2 and may be addressed in future updates. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8767\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8767"
        ],
        "name": "CVE-2015-8767",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to the (1) __glXDisp_ReadPixels, (2) __glXDispSwap_ReadPixels, (3) __glXDisp_GetTexImage, (4) __glXDispSwap_GetTexImage, (5) GetSeparableFilter, (6) GetConvolutionFilter, (7) GetHistogram, (8) GetMinmax, (9) GetColorTable, (10) __glXGetAnswerBuffer, (11) __GLX_GET_ANSWER_BUFFER, (12) __glXMap1dReqSize, (13) __glXMap1fReqSize, (14) Map2Size, (15) __glXMap2dReqSize, (16) __glXMap2fReqSize, (17) __glXImageSize, or (18) __glXSeparableFilter2DReqSize function, which triggers an out-of-bounds read or write.",
            "Multiple integer overflow flaws were found in the way the X.Org server calculated memory requirements for certain GLX extension requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server or, potentially, execute arbitrary code with root privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8093\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8093\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8093",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. This bug only affects Thunderbird for Linux. Other operating systems are unaffected. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a malicious website that creates a popup that could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks."
        ],
        "statement": "This bug only affects Firefox and Thunderbird for Linux. Other operating systems are unaffected.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34479\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34479\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34479"
        ],
        "name": "CVE-2022-34479",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8609\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8609\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8609",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution."
        ],
        "upstream_fix": "glibc 2.25.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-16997\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-16997"
        ],
        "name": "CVE-2017-16997",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.",
            "A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to set up loopback disks, may create a denial of service or other unspecified actions."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5344\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5344"
        ],
        "name": "CVE-2018-5344",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8769\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8769\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8769",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.8",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.",
            "An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14496\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14496\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14496"
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.",
            "A flaw was found in the wpa_supplicant, in the way it processes P2P (Wi-Fi Direct) provision discovery requests. This flaw allows an attacker who is within radio range of the device running P2P discovery to cause termination of the wpa_supplicant process or potentially cause code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "An attacker (or a system controlled by the attacker) needs to be within radio range of the vulnerable system to send a set of suitably constructed management frames that trigger the corner case to be reached in the management of the P2P peer table.",
        "upstream_fix": "wpa_supplicant 2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27803\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27803\nhttps://w1.fi/security/2021-1/wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt"
        ],
        "name": "CVE-2021-27803",
        "mitigation": {
            "value": "Disable the P2P (control interface command \"P2P_SET disabled 1\" or \"p2p_disabled=1\" in (each, if multiple interfaces used) wpa_supplicant configuration file)",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.",
            "The Mozilla Foundation Security Advisory describes this issue as:\nMozilla developers and community members reported memory safety bugs present in Firefox 86 and Firefox ESR 78.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexis Beingessner, Julien Wajsberg, Matthew Gregan, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 78.9, firefox 78.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23987\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23987\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23987"
        ],
        "name": "CVE-2021-23987",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "When receiving an HTML email that specified to load an `iframe` element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an `iframe` element from a remote location. However, Thunderbird didn't display the document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Thunderbird Team as the original reporter.",
        "upstream_fix": "thunderbird 91.13.1, thunderbird 102.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3034\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3034\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-39/#CVE-2022-3034"
        ],
        "name": "CVE-2022-3034",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2797\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2797"
        ],
        "name": "CVE-2018-2797",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.7",
            "cvss_scoring_vector": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-172->CWE-393",
        "details": [
            "The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.",
            "It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash."
        ],
        "statement": "This issue affects the versions of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of samba and samba4 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of samba as shipped with Red Hat Enterprise Linux 7. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3493\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3493\nhttp://www.samba.org/samba/security/CVE-2014-3493"
        ],
        "name": "CVE-2014-3493",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20097\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20097"
        ],
        "name": "CVE-2018-20097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.",
            "A flaw was found in the way the Linux kernel's ext4 file system handled the \"page size > block size\" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Xiong Zhou (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0275\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0275"
        ],
        "name": "CVE-2015-0275",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWeb-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22761\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22761\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761"
        ],
        "name": "CVE-2022-22761",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10101\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10101"
        ],
        "name": "CVE-2017-10101",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
            "An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability."
        ],
        "statement": "Any Red Hat product which relies on the Red Hat Enterprise Linux kernel is also potentially impacted. \nThis includes layered products such as OpenShift Container Platform, OpenStack, Red Hat Virtualization, and others.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Team for reporting this issue.",
        "upstream_fix": "kernel 5.14 rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33909\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33909\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b\nhttps://www.openwall.com/lists/oss-security/2021/07/20/1\nhttps://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt"
        ],
        "csaw": true,
        "name": "CVE-2021-33909",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jet Villegas and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5145\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5145\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5145"
        ],
        "name": "CVE-2018-5145",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.",
            "It was discovered that the CGIHTTPServer module incorrectly handled URL encoded paths. A remote attacker could use this flaw to execute scripts outside of the cgi-bin directory, or disclose source of scripts in the cgi-bin directory."
        ],
        "statement": "This issue affects the versions of python as shipped with Red Hat Enterprise Linux 5 and 7 as well as Red Hat Software Collections. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "python 3.3.6, python 2.7.8, python 3.4.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4650\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4650"
        ],
        "name": "CVE-2014-4650",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Grégoire as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5440\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5440\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5440"
        ],
        "name": "CVE-2017-5440",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23998\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23998\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998"
        ],
        "name": "CVE-2021-23998",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9631\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9631"
        ],
        "name": "CVE-2019-9631",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2698\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2698"
        ],
        "name": "CVE-2019-2698",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.",
            "A security flaw was found in the Linux kernel's networking subsystem: destroying a network interface that has a huge number of IPv4 addresses assigned holds the \"rtnl_lock\" spinlock for a very long time (up to an hour). This blocks many network-related operations, including creation of new incoming SSH connections.\nThe problem is especially important for containers, as the container owner has enough permissions to trigger this and block network access on the whole host, outside the container."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates, as the Linux containers which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Solar Designer (Openwall) and the Virtuozzo kernel team for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3156\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3156"
        ],
        "name": "CVE-2016-3156",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8726\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8726\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8726",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a cross-origin iframe referencing an XSLT document inheriting the parent domain's permissions (such as microphone or camera access)."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "firefox 91.13, firefox 102.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38473\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38473\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38473"
        ],
        "name": "CVE-2022-38473",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges bo13oy as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17017\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17017\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017"
        ],
        "name": "CVE-2019-17017",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Fixed potential buffer overflows in generated Firefox code due to CVE-2016-6354 issue in Flex. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Petr Cerny as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5469\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5469\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5469"
        ],
        "name": "CVE-2017-5469",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.",
            "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10913\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10913"
        ],
        "name": "CVE-2018-10913",
        "mitigation": {
            "value": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.",
            "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free.  Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."
        ],
        "acknowledgement": "Red Hat would like to thank Hao Sun for reporting this issue.",
        "upstream_fix": "kernel 5.15-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4028\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4028\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74\nhttps://lkml.org/lkml/2021/10/4/697"
        ],
        "name": "CVE-2021-4028",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and  22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21068\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21068\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21068",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6, as it does not support TDLS.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13086\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13086\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13086",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tsubasa Iinuma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1965\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1965\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-28.html"
        ],
        "name": "CVE-2016-1965",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295->CWE-287",
        "details": [
            "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.",
            "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7562\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7562"
        ],
        "name": "CVE-2017-7562",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0687\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0687\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0687",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.",
            "A vulnerability was found in Linux kernel. There is an information leak in file \"sound/core/timer.c\" of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user(), resulting a kernel leak."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4569\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4569\nhttp://comments.gmane.org/gmane.linux.kernel/2214250"
        ],
        "name": "CVE-2016-4569",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).",
            "A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Armis Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000410\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000410"
        ],
        "name": "CVE-2017-1000410",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read while processing SVG content in \"ConvolvePixel\". This results in a crash and also allows for otherwise inaccessible memory being copied into SVG graphic content, which could then displayed. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5465\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5465\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5465"
        ],
        "name": "CVE-2017-5465",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5281\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5281\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5281",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-129->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11041\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11041"
        ],
        "name": "CVE-2020-11041",
        "mitigation": {
            "value": "Disable sound for the rdp session in the client.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-366",
        "details": [
            "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.",
            "A use-after-free flaw was found in the Linux kernel’s performance events functionality. A user triggers a race condition in setting up performance monitoring between the leading PERF_TYPE_TRACEPOINT and sub PERF_EVENT_HARDWARE plus the PERF_EVENT_SOFTWARE using the perf_event_open() function with these three types. This flaw allows a local user to crash the system."
        ],
        "acknowledgement": "Red Hat would like to thank Norbert Slusarek for reporting this issue.",
        "upstream_fix": "kernel 5.18 rc9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1729\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1729"
        ],
        "name": "CVE-2022-1729",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2798\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2798",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.",
            "A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() function did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash."
        ],
        "upstream_fix": "krb5 1.14.1, krb5 1.13.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8630\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8630"
        ],
        "name": "CVE-2015-8630",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21283\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21283"
        ],
        "name": "CVE-2022-21283",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JGSS). Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21618\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21618"
        ],
        "name": "CVE-2022-21618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:C/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.",
            "A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux version 7 and Red Hat Gluster Storage 3.1. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5313"
        ],
        "name": "CVE-2015-5313",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.",
            "An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host."
        ],
        "statement": "This issue affects the versions of the qemu-kvm package as shipped with Red Hat Enterprise Linux 8, Red Hat OpenStack, Red Hat Virtualization and Red Hat Enterprise Linux Advanced Virtualization 8.",
        "acknowledgement": "Red Hat would like to thank Felipe Franciosi (nutanix.com), Peter Turschmid (nutanix.com), and Raphael Norwitz (nutanix.com) for reporting this issue.",
        "upstream_fix": "QEMU 4.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1711\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1711"
        ],
        "name": "CVE-2020-1711",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.",
            "A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32399\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32399"
        ],
        "name": "CVE-2021-32399",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at the BIOS level which will also provide effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith via Beyond Security's SecuriTeam Secure Disclosure program and Niklas Baumstark as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12387\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12387\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12387"
        ],
        "name": "CVE-2018-12387",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.",
            "A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jonas Jenwald as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2743\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2743\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-69.html"
        ],
        "name": "CVE-2015-2743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDocuments in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29909\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29909\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909"
        ],
        "name": "CVE-2022-29909",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Christian Holler, Liz Henry, Raul Gurzau, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 68.5, firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6800\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6800\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800"
        ],
        "name": "CVE-2020-6800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Shaheen Fazim as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4769\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4769\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4769\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4769"
        ],
        "name": "CVE-2024-4769",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-613",
        "details": [
            "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded."
        ],
        "upstream_fix": "httpd 2.4.38",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17199\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17199"
        ],
        "name": "CVE-2018-17199",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0836\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0836\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-11"
        ],
        "name": "CVE-2015-0836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal \"/../\" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nRelative URLs starting with three slashes were incorrectly parsed, and a\npath-traversal \"/../\" part in the path could be used to override the\nspecified host. This could contribute to security problems in web sites."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rachmat Abdul Rokhim as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6209\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6209\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209"
        ],
        "name": "CVE-2023-6209",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string.",
            "A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long."
        ],
        "upstream_fix": "tomcat 7.0.70, tomcat 8.5.3, tomcat 8.0.36",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3092\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3092\nhttp://tomcat.apache.org/security-7.html\nhttp://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2016-3092",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.",
            "An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash."
        ],
        "upstream_fix": "hostapd 2.5, wpa_supplicant 2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4142\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4142\nhttp://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt"
        ],
        "name": "CVE-2015-4142",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38498\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38498"
        ],
        "name": "CVE-2021-38498",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1385",
        "details": [
            "A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dave Vandyke as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23602\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23602\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602"
        ],
        "name": "CVE-2023-23602",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Christian Holler, Gary Kwong, Jan de Mooij, Oriol, and Tom Schuster as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5373\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5373\nhttps://www.mozilla.org/security/announce/2017/mfsa2016-01/#CVE-2017-5373"
        ],
        "name": "CVE-2017-5373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22824\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22824\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22824",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-03T02:23:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.",
            "A flaw was found in the Linux kernel's NFS implementation. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost."
        ],
        "acknowledgement": "This issue was discovered by Hangbin Liu (Red Hat) and Jasu Liedes (Synopsys SIG).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16871\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16871"
        ],
        "name": "CVE-2018-16871",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable.",
            "A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable."
        ],
        "statement": "Red Hat Enterprise Linux 6 is affected but out of support scope because libXpm is not listed in Red Hat Enterprise Linux 6 ELS Inclusion List[1].\n[1]. https://access.redhat.com/articles/4997301",
        "upstream_fix": "libXpm 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4883\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4883\nhttps://lists.x.org/archives/xorg-announce/2023-January/003312.html"
        ],
        "name": "CVE-2022-4883",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "It was found that the Linux kernel's KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) instructions. On hosts with an Intel processor and invept VM exit support, an unprivileged guest user could use these instructions to crash the guest."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Advanced Threat Research team at Intel Security for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3645\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3645"
        ],
        "name": "CVE-2014-3645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8544\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8544"
        ],
        "name": "CVE-2019-8544",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chiaki ISHIKAWA as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6793\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6793\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793"
        ],
        "name": "CVE-2020-6793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-416",
        "details": [
            "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.",
            "An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8. Therefore this flaw has been rated as having a moderate impact for Red Hat Enterprise Linux 8.",
        "upstream_fix": "libX11 1.6.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14363\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14363\nhttps://lists.x.org/archives/xorg-announce/2020-August/003056.html"
        ],
        "name": "CVE-2020-14363",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1262",
        "details": [
            "Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nReturn registers were overwritten which could have allowed an attacker to execute arbitrary code.\n*Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2607\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2607\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2607\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2607"
        ],
        "name": "CVE-2024-2607",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-09T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",
            "A use-after-free flaw was found in route4_change in the net/sched/cls_route.c filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem."
        ],
        "acknowledgement": "Red Hat would like to thank Zhenpeng Lin for reporting this issue.",
        "upstream_fix": "kernel 3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2588\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2588\nhttps://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u"
        ],
        "name": "CVE-2022-2588",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.* This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Samuel Groß (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9816\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9816"
        ],
        "name": "CVE-2019-9816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a \"SMACK SKIP-TLS\" issue.",
            "It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan as the original reporter.",
        "upstream_fix": "nss-3.19.1 1.el5_11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2721\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2721\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-71.html"
        ],
        "name": "CVE-2015-2721",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122->CWE-190->CWE-194",
        "details": [
            "Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.",
            "An integer truncation flaw and an integer overflow flaw, both leading to a heap-based buffer overflow, were found in the way Git processed certain path information. A remote attacker could create a specially crafted Git repository that would cause a Git client or server to crash or, possibly, execute arbitrary code."
        ],
        "statement": "Red Hat Product Security has rated these issues as having Important security impact. For additional information, refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/2201201",
        "upstream_fix": "git 2.4.11, git 2.7.4, git 2.6.6, git 2.5.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2324\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2324"
        ],
        "csaw": true,
        "name": "CVE-2016-2324"
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected."
        ],
        "statement": "This issue was fixed as part of the stack guard fixes, alongside the CVE-2017-1000364 flaw. This issue has previously affected Red Hat Enterprise Linux 5, 6, 7 and MRG-2. This issue is currently fixed in most versions of shipping products.",
        "acknowledgement": "Red Hat would like to thank Qualys Inc for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000379\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000379\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "name": "CVE-2017-1000379",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38496\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38496"
        ],
        "name": "CVE-2021-38496",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Gerald Squelart as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7222\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7222\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-147.html"
        ],
        "name": "CVE-2015-7222",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7200\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7200\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7200",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.",
            "A flaw was found in squid. Due to incorrect input validation, squid can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters."
        ],
        "statement": "This only affects deployments acting as reverse proxy with a http_port 'accel' or 'vhost' (squid 2.x and 3.x) or http_port 'accel' configuration (squid 4.x).",
        "upstream_fix": "squid 4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8449\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8449"
        ],
        "name": "CVE-2020-8449",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Shaheen Fazim as the original reporter.",
        "upstream_fix": "thunderbird 102.13, firefox 102.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-37207\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37207\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
        ],
        "name": "CVE-2023-37207",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7802\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7802\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7802"
        ],
        "name": "CVE-2017-7802",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191",
        "details": [
            "Integer underflow in grub_net_recv_ip4_packets: a maliciously crafted IP packet can lead to an integer underflow in the grub_net_recv_ip4_packets() function on the rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such a way, subsequent operations can write past the end of the buffer.",
            "A flaw was found in grub2 when handling IPv4 packets. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bounds write during packet handling, compromising data integrity, confidentiality issues, a denial of service, and remote code execution."
        ],
        "upstream_fix": "grub 2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28733\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28733"
        ],
        "name": "CVE-2022-28733",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.",
            "A privilege escalation flaw was found in the gluster snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink."
        ],
        "statement": "This vulnerability affects gluster servers that have, or have previously had, Gluster volume snapshot scheduling enabled from the CLI. Red Hat Enterprise Virtualization supports volume snapshot scheduling from the Web UI, which uses a distinct mechanism that is not subject to this vulnerability. VM snapshots are not impacted by this flaw. For more information, please see the Vulnerability Article linked under External References.\nThis issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6, and 7 because only gluster client is shipped in these products. CVE-2018-1088 affects glusterfs-server package as shipped with Red Hat Gluster Storage 3.",
        "acknowledgement": "This issue was discovered by John Strunk (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1088\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1088\nhttps://access.redhat.com/articles/3414511"
        ],
        "name": "CVE-2018-1088",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes:  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates between gluster server nodes and clients.  \nCaveat: This would only mitigate attacks from unauthorized malicious clients. gluster clients allowed by auth.allow or having signed TLS client certificates would still be able to trigger this attack.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Toni Huttunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2830\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-63.html"
        ],
        "name": "CVE-2016-2830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-471",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
            "A flaw was found in the way the serialization component of OpenJDK handled the serialization filter. A process-wide filter could have been modified by setting the jdk.serialFilter system property at runtime, possibly leading to a bypass of the intended filter during deserialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2604\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2604\nhttps://www.oracle.com/technetwork/java/javase/11-0-6-oracle-relnotes-5813175.html\nhttps://www.oracle.com/technetwork/java/javase/13-0-2-relnotes-5812268.html\nhttps://www.oracle.com/technetwork/java/javase/8u241-relnotes-5813177.html\nhttps://www.oracle.com/technetwork/java/javaseproducts/documentation/javase7supportreleasenotes-1601161.html#R170_251"
        ],
        "name": "CVE-2020-2604",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7786\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7786\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7786"
        ],
        "name": "CVE-2017-7786",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via \"View -> Feed article -> Website\" or in the standard format of \"View -> Feed article -> default format\". This vulnerability affects Thunderbird < 52.5.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges cure53 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7846\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7846\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829"
        ],
        "name": "CVE-2017-7846",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35565\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35565"
        ],
        "name": "CVE-2021-35565",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. The master password protection was inactive for those keys. Version 78.10.2 will restore the protection mechanism for newly imported keys, and will automatically protect keys that had been imported using affected Thunderbird versions. This vulnerability affects Thunderbird < 78.10.2."
        ],
        "upstream_fix": "thunderbird 78.10.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29956\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29956"
        ],
        "name": "CVE-2021-29956",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.",
            "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.",
        "upstream_fix": "bind 9.9.7-P2, bind 9.10.2-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5477\nhttps://access.redhat.com/solutions/1548963\nhttps://kb.isc.org/article/AA-01272"
        ],
        "name": "CVE-2015-5477",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access."
        ],
        "upstream_fix": "qt 5.14.0, qt 5.9.10, qt 5.12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0570\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0570"
        ],
        "name": "CVE-2020-0570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.",
            "A flaw was found in the Linux kernel’s KVM implementation, where improper handling of the VM_IO|VM_PFNMAP VMAs in KVM bypasses RO checks and leads to pages being freed while still accessible by the VMM and guest. This flaw allows users who can start and control a VM to read/write random pages of memory, resulting in local privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, and system availability."
        ],
        "statement": "Both Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 leverage udev to set the proper permissions (ugo=rw) of the `/dev/kvm` device, making it accessible to all users. It is worth noting that while the KVM rule is part of the main udev package in Red Hat Enterprise Linux 8, the same rule is shipped with the `qemu-kvm` package in Red Hat Enterprise Linux 7.  In other words, Red Hat Enterprise Linux 7 does not expose `/dev/kvm` to unprivileged users by default, as long as the `qemu-kvm` package is not installed.",
        "upstream_fix": "kernel 5.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-22543\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22543\nhttps://github.com/google/security-research/security/advisories/GHSA-7wq5-phmq-m584"
        ],
        "name": "CVE-2021-22543",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server.",
            "An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested."
        ],
        "upstream_fix": "openssh 7.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1908\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1908"
        ],
        "name": "CVE-2016-1908",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10110\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10110"
        ],
        "name": "CVE-2017-10110",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christian Holler, Christoph Diehl, David Major, Jason Kratzer, Jon Coppeard, Marcia Knous, Nicolas B. Pierron, and Ronald Crane as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5188\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5188\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-5188"
        ],
        "name": "CVE-2018-5188",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Cross-origin images can be read in violation of the same-origin policy by exporting an image after using createImageBitmap to read the image and then rendering the resulting bitmap image within a canvas element. This vulnerability affects Firefox < 66."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges AaylaSecura1138 as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9797\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9797\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9797"
        ],
        "name": "CVE-2019-9797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-3867\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3867\nhttps://webkitgtk.org/security/WSA-2020-0002.html"
        ],
        "name": "CVE-2020-3867",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.",
            "A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened."
        ],
        "upstream_fix": "poppler 0.40.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8868\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8868"
        ],
        "name": "CVE-2015-8868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4842\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4842\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.",
            "It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash."
        ],
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1827\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1827"
        ],
        "name": "CVE-2015-1827",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15710\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15710\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15710",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw does not affect Red Hat Enterprise Linux 8 because the slapd server is not shipped in the Red Hat Enterprise Linux 8 repositories.",
        "upstream_fix": "openldap 2.4.56",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25709\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25709\nhttps://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c"
        ],
        "name": "CVE-2020-25709",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device.",
            "A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5383\nhttps://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00128.html\nhttps://www.kb.cert.org/vuls/id/304725"
        ],
        "name": "CVE-2018-5383",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-476",
        "details": [
            "Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9671\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9671"
        ],
        "name": "CVE-2014-9671",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "10.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.",
            "A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14491\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14491\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14491"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.  NOTE: this vulnerability exists because of a CVE-2012-6701 regression."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the related AIO vector code is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7. Future Linux kernel updates for the respective releases might address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.",
        "upstream_fix": "kernel 4.1-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8830\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8830\nhttp://seclists.org/oss-sec/2016/q2/479\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=735"
        ],
        "name": "CVE-2015-8830",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10109\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10109"
        ],
        "name": "CVE-2017-10109",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8733\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8733\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8733",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-140550171",
            "A flaw was found in the Linux pinctrl system. It is possible to trigger an out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0427\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0427"
        ],
        "name": "CVE-2020-0427",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6."
        ],
        "upstream_fix": "LibreOffice 6.3.0, LibreOffice 6.2.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9852\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9852\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852"
        ],
        "name": "CVE-2019-9852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.",
            "A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a net_hash_mix() function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and potentially defeating KASLR."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10639\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10639\nhttps://arxiv.org/pdf/1906.10478.pdf"
        ],
        "name": "CVE-2019-10639",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5154\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5154\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154"
        ],
        "name": "CVE-2018-5154",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11526\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11526"
        ],
        "name": "CVE-2020-11526",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.",
            "A flaw was found in xterm. A specially crafted sequence of combining characters causes an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "xterm 366",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-27135\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27135"
        ],
        "name": "CVE-2021-27135",
        "mitigation": {
            "value": "This vulnerability can be mitigated by disabling UTF-8 support in XTerm configuration.  An entry such as \"XTerm.vt100.utf8: false\" in Xresources will disable UTF-8.  This can be set as a system default in /etc/X11/Xresources, or per-user in ~/.Xresources.\nNote that this setting can still be overridden if xterm is invoked with the \"-u8\" command line option, so the mitigation may not protect all use cases.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.",
            "A flaw was found in Mozilla Firefox and Thunderbird. When parsing and validating SCTP chunks in WebRTC a memory buffer overflow could occur leading to memory corruption and an exploitable crash. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Natalie Silvanovich (Google Project Zero) as the original reporter.",
        "upstream_fix": "thunderbird 68.8.0, firefox 68.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6831\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6831\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831"
        ],
        "name": "CVE-2020-6831",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401->CWE-400",
        "details": [
            "A memory leak in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this because an attacker cannot realistically control this failure at probe time",
            "A memory leak problem was found in __ipmi_bmc_register in drivers/char/ipmi/ipmi_msghandler.c in Intelligent Platform Management Interface (IPMI) which is used for incoming and outgoing message routing purpose. This flaw may allow an attacker with minimal privilege to cause a denial of service by triggering ida_simple_get() failure."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19046\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19046"
        ],
        "name": "CVE-2019-19046",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5380\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5380\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380"
        ],
        "name": "CVE-2017-5380",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.",
            "A vulnerability was found in OpenPrinting CUPS. Unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach."
        ],
        "statement": "This vulnerability is classified as important according to Red Hat's Severity Rating Classification, as unauthorized users are permitted to fetch documents over local or remote networks, leading to confidentiality breach.\nhttps://access.redhat.com/security/updates/classification",
        "upstream_fix": "cups 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32360\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32360"
        ],
        "name": "CVE-2023-32360",
        "mitigation": {
            "value": "The user can either set 'PreserveJobFiles No' in cupsd.conf, which completely shuts off the saving of job files and thereby prevents an attacker from getting a file, or restrict access in the firewall and in cupsd to trusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-476",
        "details": [
            "Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9670\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9670"
        ],
        "name": "CVE-2014-9670",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
            "A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user  to crash the system."
        ],
        "statement": "The impact is moderate, because of the need of additional privileges (usually local console user).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8648\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8648"
        ],
        "name": "CVE-2020-8648",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
            "A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause httpd child process to crash."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7679\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7679\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7679",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read when an HTTP/2 connection to a servers sends \"DATA\" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chun Han Hsiao as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5446\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5446\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5446"
        ],
        "name": "CVE-2017-5446",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0."
        ],
        "upstream_fix": "thunderbird 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43528\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43528"
        ],
        "name": "CVE-2021-43528",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90."
        ],
        "upstream_fix": "thunderbird 78.12, firefox 78.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29976\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29976"
        ],
        "name": "CVE-2021-29976",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for `chrome://` URLs as source text, some parameters were reflected."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gijs Kruitbosch as the original reporter.",
        "upstream_fix": "thunderbird 102.1, thunderbird 91.12, firefox 91.12, firefox 102.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-36318\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36318\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36318"
        ],
        "name": "CVE-2022-36318",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory.",
            "It was found that RPM wrote file contents to the target installation directory under a temporary name, and verified its cryptographic signature only after the temporary file has been written completely. Under certain conditions, the system interprets the unverified temporary file contents and extracts commands from it. This could allow an attacker to modify signed RPM files in such a way that they would execute code chosen by the attacker during package installation."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-6435\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6435"
        ],
        "name": "CVE-2013-6435",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.",
            "It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges."
        ],
        "acknowledgement": "This issue was discovered by Red Hat Product Security.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6325\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6325"
        ],
        "name": "CVE-2016-6325",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",
            "In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5848\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5848"
        ],
        "name": "CVE-2018-5848",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way CUPS handled compressed raster image files. An attacker could create a specially crafted image file that, when passed via the CUPS Raster filter, could cause the CUPS filter to crash."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9679\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9679"
        ],
        "name": "CVE-2014-9679",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.",
            "It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Robert Haas as the original reporter.",
        "upstream_fix": "postgresql 9.6.3, postgresql 9.5.7, postgresql 9.3.17, postgresql 9.4.12, postgresql 9.2.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7484\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7484\nhttps://www.postgresql.org/about/news/1746/"
        ],
        "name": "CVE-2017-7484",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-459",
        "details": [
            "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21125\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21125\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html"
        ],
        "name": "CVE-2022-21125",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation.",
            "A vulnerability was found in the arch/x86/lib/insn-eval.c function in the Linux kernel. An attacker could corrupt the memory due to a flaw in use-after-free access to an LDT entry caused by a race condition between modify_ldt() and a #BR exception for an MPX bounds violation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13233\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13233"
        ],
        "name": "CVE-2019-13233",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michał Bentkowski as the original reporter.",
        "upstream_fix": "thunderbird 68.4.1, firefox 68.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17016\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17016\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016"
        ],
        "name": "CVE-2019-17016",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.",
            "A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "The hivex utility being non-privileged, does not handle any confidential information. Any external program using the hivex library could be exposed to partial unavailability in case of a crash where a user can always retry the operation. As for libguestfs, a crash in hivex would not result in libguestfs crashing.",
        "acknowledgement": "Red Hat would like to thank Jeremy Galindo (Datto) for reporting this issue.",
        "upstream_fix": "hivex 1.3.20",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3504\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3504"
        ],
        "name": "CVE-2021-3504",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-835",
        "details": [
            "slapd/connection.c in 389 Directory Server (formerly Fedora Directory Server) 1.3.4.x before 1.3.4.7 allows remote attackers to cause a denial of service (infinite loop and connection blocking) by leveraging an abnormally closed connection.",
            "An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service)."
        ],
        "upstream_fix": "389-ds-base 1.3.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0741\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0741"
        ],
        "name": "CVE-2016-0741",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4881\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4881\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4881",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8690\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8690\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8690",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.",
            "It was discovered that python's functions urllib.parse.urlsplit and urllib.parse.urlparse do not properly handle URLs encoded with Punycode/Internationalizing Domain Names in Applications (IDNA), which may result in a wrong domain name (specifically the netloc component of URL - user@domain:port) being returned by those functions. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application."
        ],
        "upstream_fix": "python 3.7.3, python 3.5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9636\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9636\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization.html"
        ],
        "name": "CVE-2019-9636",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.",
            "An out-of-bounds (OOB) memory access flaw was found in the Qlogic ISCSI module in the Linux kernel's qedi_dbg_* family of functions in drivers/scsi/qedi/qedi_dbg.c. Here a local attacker with a special user  privilege account (or a root) can cause an out-of-bound  memory access leading to a system crash or a leak of internal kernel information."
        ],
        "upstream_fix": "kernel 5.1.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15090\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15090"
        ],
        "name": "CVE-2019-15090",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4893\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4893\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4893",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253->CWE-617",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service."
        ],
        "statement": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-49286\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49286"
        ],
        "name": "CVE-2023-49286",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14556\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14556"
        ],
        "name": "CVE-2020-14556",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.",
            "A new exploitation technique called key reinstallation attacks (KRACKs) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used pairwise key (PTK-TK) during a 4-way handshake."
        ],
        "statement": "This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13077\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13077\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-13077"
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-15T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.",
            "A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol."
        ],
        "statement": "Red Hat has been made aware of a vulnerability affecting the DHCP client packages as shipped with Red Hat Enterprise Linux 6 and 7. This vulnerability CVE-2018-1111 was rated as having a security impact of Critical. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.\nRed Hat Enterprise Virtualization 4.1 includes the vulnerable components, but the default configuration is not impacted because NetworkManager is turned off in the Management Appliance, and not used in conjunction with DHCP in the Hypervisor. Customers can still obtain the updated packages from Red Hat Enterprise Linux channels using `yum update`, or upgrade to Red Hat Enterprise Virtualization 4.2, which includes the fixed packages.\nRed Hat Enterprise Virtualization 3.6 is not vulnerable as it does not use DHCP.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1111\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1111\nhttps://access.redhat.com/security/vulnerabilities/3442151"
        ],
        "csaw": true,
        "name": "CVE-2018-1111",
        "mitigation": {
            "value": "Please access https://access.redhat.com/security/vulnerabilities/3442151 for information on how to mitigate this issue.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-674",
        "details": [
            "Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.",
            "A stack overflow flaw was discovered in the way the PostgreSQL core server processed certain JSON or JSONB input. An authenticated attacker could possibly use this flaw to crash the server backend by sending specially crafted JSON or JSONB input."
        ],
        "upstream_fix": "postgresql 9.4.5, postgresql 9.0.23, postgresql 9.3.10, postgresql 9.1.19, postgresql 9.2.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5289\nhttp://www.postgresql.org/about/news/1615/"
        ],
        "name": "CVE-2015-5289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sushi Anton Larsson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2831\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2831\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-58.html"
        ],
        "name": "CVE-2016-2831",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",
            "A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 realtime kernels.\nFor additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/ .",
        "acknowledgement": "This issue was discovered by Miroslav Vadkerti (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8844\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8844"
        ],
        "name": "CVE-2015-8844",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T11:25:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.",
            "A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure."
        ],
        "acknowledgement": "Red Hat would like to thank Daniël Trujillo (ETH Zurich), Johannes Wikner (ETH Zurich), and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20569\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20569\nhttps://access.redhat.com/solutions/7049120\nhttps://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html"
        ],
        "name": "CVE-2023-20569",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank Apple Product Security for reporting this issue. Upstream acknowledges Stephan Zeisberg (Security Research Labs) as the original reporter.",
        "upstream_fix": "cups 2.2.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8696\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8696"
        ],
        "name": "CVE-2019-8696",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-626->CWE-122",
        "details": [
            "Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.",
            "An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5119\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5119"
        ],
        "name": "CVE-2014-5119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-09T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.",
            "A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. When reading the APIC configuration page with an unaligned read from the MMIO page, the registers may return stale data from previous requests made by the same processor core to the same configuration page, leading to unauthorized access."
        ],
        "statement": "Red Hat has very limited to no visibility and control over binary blobs provided by third-party vendors. Red Hat relies heavily on the vendors to provide timely updates and information about included changes for this content and in most cases merely acts as a release vehicle between the third-party vendor and Red Hat customers with no possibility of influencing or even documenting the changes. Unless explicitly stated, the level of insight, oversight, and control Red Hat has does not meet the criteria required (in terms of Red Hat ownership of development processes, QA, and documentation) for releasing this content as RHSA. For more information please contact the binary content vendor.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21233\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21233\nhttps://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/stale-data-read-from-xapic.html"
        ],
        "name": "CVE-2022-21233",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1974\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1974\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-34.html"
        ],
        "name": "CVE-2016-1974",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed."
        ],
        "statement": "A non-standard system configuration (\"networks: file dns\" in /etc/nsswitch.conf) and possibly a DNS spoofing attack is required to exploit this flaw.\nRed Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9402\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9402"
        ],
        "name": "CVE-2014-9402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The virDomainListPopulate function in conf/domain_conf.c in libvirt before 1.2.9 does not clean up the lock on the list of domains, which allows remote attackers to cause a denial of service (deadlock) via a NULL value in the second parameter in the virConnectListAllDomains API command.",
            "A denial of service flaw was found in the way libvirt's virConnectListAllDomains() function computed the number of used domains. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to make any domain operations within libvirt unresponsive."
        ],
        "statement": "This issue does not affect the versions of libvirt packages as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of libvirt packages as shipped with Red Hat\nEnterprise Linux 6 and 7. Future updates may address this issue in the\nrespective Red Hat Enterprise Linux releases.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3657\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3657"
        ],
        "name": "CVE-2014-3657",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nPush notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Harveer Singh as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4580\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4580\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580"
        ],
        "name": "CVE-2023-4580",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.",
            "It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it."
        ],
        "statement": "This issue affects the versions of sssd as shipped with Red Hat Satellite version 6.0. More recent versions of Satellite no longer ship sssd. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "upstream_fix": "sssd 1.16.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12173\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12173"
        ],
        "name": "CVE-2017-12173",
        "mitigation": {
            "value": "It is possible to manually disable credential caching:\n* Stop the sssd service\n* Delete the cache (rm -f /var/lib/sss/db/* /var/log/sssd/*) or manually remove the hashes for the database\n* In the sssd configuration file, change cache_credentials to False for each domain\n* Start the sssd service again\nHowever, tools such as realmd & ipa-client-install might enable credential caching, and should be used with care.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.",
            "A vulnerability has been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1522\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1522\nhttp://www.talosintel.com/reports/TALOS-2016-0057/\nhttp://www.talosintel.com/reports/TALOS-2016-0060/"
        ],
        "name": "CVE-2016-1522",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and  21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21830\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21830"
        ],
        "name": "CVE-2023-21830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/solutions/i915-graphics",
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0155\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0155\nhttps://access.redhat.com/solutions/i915-graphics\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html"
        ],
        "csaw": true,
        "name": "CVE-2019-0155",
        "mitigation": {
            "value": "Preventing loading of the i915 kernel module will prevent attackers from using this exploit against the system; however, the power management functionality of the card will be disabled and the system may draw additional power. See this KCS article (https://access.redhat.com/solutions/41278) for instructions on how to disable a kernel module. Graphical displays may also be at low resolution or not work correctly. This mitigation may not be suitable if running graphical tools locally is required.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs during Kerberos authentication.",
            "It was found that SSSD's Privilege Attribute Certificate (PAC) responder plug-in would leak a small amount of memory on each authentication request. A remote attacker could potentially use this flaw to exhaust all available memory on the system by making repeated requests to a Kerberized daemon application configured to authenticate using the PAC responder plug-in."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5292\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5292"
        ],
        "name": "CVE-2015-5292",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "thunderbird 102.9, firefox 102.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25752\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752"
        ],
        "name": "CVE-2023-25752",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.",
            "A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call."
        ],
        "upstream_fix": "tomcat 6.0.45, tomcat 7.0.65, tomcat 8.0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5174\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5174\nhttp://seclists.org/bugtraq/2016/Feb/149"
        ],
        "name": "CVE-2015-5174",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.",
            "A stack-based buffer overflow flaw was found in the way objdump processed IHEX files. A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8503\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8503"
        ],
        "name": "CVE-2014-8503",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.",
            "A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn (Google) as the original reporter.",
        "upstream_fix": "samba 4.4.11, samba 4.5.7, samba 4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2619\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2619\nhttps://www.samba.org/samba/security/CVE-2017-2619.html"
        ],
        "name": "CVE-2017-2619",
        "mitigation": {
            "value": "Add the parameter:\nunix extensions = no\nto the [global] section of your smb.conf and restart smbd. This prevents SMB1 clients from creating symlinks on the exported file system using SMB1.\nHowever, if the same region of the file system is also exported using NFS, NFS clients can create symlinks that potentially can also hit the race condition. For non-patched versions of Samba we recommend only exporting areas of the file system by either SMB or NFS, not both.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
            "A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module. An authenticated database user could use this flaw to cause PostgreSQL to crash or, potentially, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Marko Tiikkaja as the original reporter.",
        "upstream_fix": "postgresql 9.1.15, postgresql 9.3.6, postgresql 9.0.19, postgresql 9.4.1, postgresql 9.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0243\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0243\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0243",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12379\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12379\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12379"
        ],
        "name": "CVE-2018-12379",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.",
            "Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
        "acknowledgement": "Red Hat would like to thank Xiaohan Zhang (Huawei Inc.) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2583\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2583"
        ],
        "name": "CVE-2017-2583",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "A NULL pointer dereference in httpd allows an unauthenticated remote attacker to crash httpd by providing malformed HTTP requests. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-34798\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-34798\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-34798",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-09-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.",
            "It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8777\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8777"
        ],
        "name": "CVE-2015-8777",
        "mitigation": {
            "value": "The glibc pointer guard is a post-exploitation mitigation mechanism.  As such, it is only relevant if there are exploitable security vulnerabilities in the system.  Therefore, applying available security updates to the system is a possible mitigation for this issue.\nIn typical deployments, environment variables can only be set by users with shell access.  Restricting shell access to trusted users is another possible mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs were reported in Firefox 57 and Firefox ESR 52.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Cobos Álvarez, Jason Kratzer, Jason Orendorff, Karl Tomlinson, Ludovic Hirlimann, Marcia Knous, Nathan Froyd, Oriol Brufau, Randell Jesup, Ronald Crane, Ryan VanderMeulen, Sebastian Hengst, Tyson Smith, and Xidorn Quan as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5089\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5089\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089"
        ],
        "name": "CVE-2018-5089",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Julian Seward, Karl Tomlinson, Olli Pettay, Sylvestre Ledru, Timothy Nikkel, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2818\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2818\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-49.html"
        ],
        "name": "CVE-2016-2818",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Pass::readPass function.",
            "An out of bounds read flaw related to \"graphite2::Pass::readPass\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7771\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7771\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7771",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.",
            "A race condition was found in the Linux kernel's sound timer code in the snd_timer_user_read() function in the sound/core/timer.c file. An unprivileged attacker can exploit the race condition to cause an out-of-bound access which may lead to a system crash or other unspecified impact.  Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13167\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13167"
        ],
        "name": "CVE-2017-13167",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2582\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2582"
        ],
        "name": "CVE-2018-2582",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.",
            "It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3427\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3427\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3427",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave."
        ],
        "statement": "This issue did not affect the versions of libsndfile as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of libsndfile as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13139\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13139"
        ],
        "name": "CVE-2018-13139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.",
            "It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time."
        ],
        "acknowledgement": "This issue was discovered by Sumit Bose (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0283\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0283"
        ],
        "name": "CVE-2015-0283",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-05-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
            "It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases will address this issue.\nPlease note that on x86-64 architecture systems the impact is limited to local Denial of Service and that the ping sockets functionality is disabled by default (net.ipv4.ping_group_range sysctl is \"10\").",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3636\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3636"
        ],
        "name": "CVE-2015-3636",
        "mitigation": {
            "value": "You can check whether ping socket functionality is enabled by examining the net.ipv4.ping_group_range sysctl value:\n~]# sysctl net.ipv4.ping_group_range\nnet.ipv4.ping_group_range = 10\n\"1 0\" is the default value and disables the ping socket functionality even for root user. Any other value means that the ping socket functionality might be enabled for certain users on the system.\nTo mitigate this vulnerability make sure that you either allow the functionality to trusted local users (groups) only or set the net.ipv4.ping_group_range sysctl to the default and disabled state:\n~]# sysctl net.ipv4.ping_group_range=\"1 0\"\nPlease note that this might prevent some programs relying on this functionality from functioning properly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.",
            "A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6,\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and MRG-2 realtime kernels.\nFor additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/ .",
        "acknowledgement": "This issue was discovered by Miroslav Vadkerti (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8845\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8845"
        ],
        "name": "CVE-2015-8845",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document."
        ],
        "statement": "This issue affects the versions of qt5-base and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15518\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15518"
        ],
        "name": "CVE-2018-15518",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"",
            "A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters."
        ],
        "acknowledgement": "Red Hat would like to thank Aris Adamantiadis for reporting this issue.",
        "upstream_fix": "libssh2 1.7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0787\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0787\nhttp://www.libssh2.org/adv_20160223.html"
        ],
        "name": "CVE-2016-0787",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that concurrent use of the URL parser with non-UTF-8 data was not thread-safe, leading to a use-after-free problem and causing a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40960\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40960\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40960"
        ],
        "name": "CVE-2022-40960",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."
        ],
        "upstream_fix": "thunderbird 60.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5824\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-03/"
        ],
        "name": "CVE-2016-5824",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If a Thunderbird user replied to a crafted HTML email containing a <code>meta</code> tag, with the <code>meta</code> tag having the <code>http-equiv=\"refresh\"</code> attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, read and modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag, or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text'. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a `meta` tag, with the `meta` tag having the `http-equiv=\"refresh\"` attribute and the content attribute specifying an URL. Thunderbird started a network request to that URL, regardless of the configuration, to block remote content. In combination with certain other HTML elements and attributes in the email, it was possible to execute JavaScript code included in the message in the context of the message compose document. The JavaScript code was able to perform actions including, but probably not limited to, reading and modifying the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email. The contents could then be transmitted to the network, either to the URL specified in the META refresh tag or to a different URL, as the JavaScript code could modify the URL specified in the document. This bug doesn't affect users who have changed the default Message Body display setting to 'simple html' or 'plain text.'"
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sarah Jamie Lewis as the original reporter.",
        "upstream_fix": "thunderbird 91.13.1, thunderbird 102.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3033\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3033\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3033\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-39/#CVE-2022-3033"
        ],
        "name": "CVE-2022-3033",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan (@sourc7) as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26956\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26956\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956"
        ],
        "name": "CVE-2020-26956",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.",
            "A flaw was found in the Linux kernels eBPF implementation. By default, accessing the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN.   A local user with the ability to insert eBPF instructions can abuse a flaw in eBPF to corrupt memory. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact as eBPF requires a privileged user on Red Hat Enterprise Linux to correctly load eBPF instructions that can be exploited.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29154\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29154"
        ],
        "name": "CVE-2021-29154",
        "mitigation": {
            "value": "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n# echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2021-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures.",
            "A flaw was found in Thunderbird, which is vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS signatures."
        ],
        "statement": "Thunderbird is affected when parsing email with the S/MIME signature. Thunderbird on Red Hat Enterprise Linux 8.4 and later does not need to be updated since it uses the system NSS library, but earlier Red Hat Enterprise Linux 8 extended lifestreams will need to update Thunderbird as well as NSS.",
        "upstream_fix": "thunderbird 91.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43529\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43529\nhttps://access.redhat.com/security/cve/CVE-2021-43527\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-008\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1738501"
        ],
        "name": "CVE-2021-43529",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2755\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2755"
        ],
        "name": "CVE-2020-2755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "Some websites have a feature \"Show Password\" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Makoto Kato as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26965\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26965\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965"
        ],
        "name": "CVE-2020-26965",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7784\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7784\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7784"
        ],
        "name": "CVE-2017-7784",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mark Brand as the original reporter.",
        "upstream_fix": "thunderbird 115.1, thunderbird 102.14, firefox 102.14, firefox 115.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4050\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4050\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050"
        ],
        "name": "CVE-2023-4050",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.4",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x before 1.3.3.9 stores \"unhashed\" passwords even when the nsslapd-unhashed-pw-switch option is set to off, which allows remote authenticated users to obtain sensitive information by reading the Changelog.",
            "It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to \"off\", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information."
        ],
        "statement": "This issue did not affect the versions of 389-ds-base as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "This issue was discovered by Ludwig Krispenz (Red Hat Identity Management Engineering Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8112\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8112"
        ],
        "name": "CVE-2014-8112",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors.",
            "Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC)."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jouni Knuutinen (Synopsis) as the original reporter.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5370\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5370\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2015-5370",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versions from 0.11.4 and before fixed versions 1.8.5 and 1.10.0. The Flatpak portal D-Bus service (`flatpak-portal`, also known by its D-Bus service name `org.freedesktop.portal.Flatpak`) allows apps in a Flatpak sandbox to launch their own subprocesses in a new sandbox instance, either with the same security settings as the caller or with more restrictive security settings. For example, this is used in Flatpak-packaged web browsers such as Chromium to launch subprocesses that will process untrusted web content, and give those subprocesses a more restrictive sandbox than the browser itself. In vulnerable versions, the Flatpak portal service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is not in a sandbox. As a workaround, this vulnerability can be mitigated by preventing the `flatpak-portal` service from starting, but that mitigation will prevent many Flatpak apps from working correctly. This is fixed in versions 1.8.5 and 1.10.0.",
            "A flaw was found in Flatpak. The Flatpak portal D-Bus service passes caller-specified environment variables to non-sandboxed processes on the host system, and in particular to the `flatpak run` command that is used to launch the new sandbox instance. A malicious or compromised Flatpak app could set environment variables that are trusted by the `flatpak run` command, and use them to execute arbitrary code that is outside the sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Simon McVittie (Collabora Ltd.) for reporting this issue.",
        "upstream_fix": "flatpak 1.8.5, flatpak 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21261\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21261\nhttps://github.com/flatpak/flatpak/security/advisories/GHSA-4ppf-fxf6-vxg2"
        ],
        "name": "CVE-2021-21261",
        "mitigation": {
            "value": "This vulnerability can be mitigated by preventing the flatpak-portal service from starting. Please note that this mitigation may prevent other Flatpak apps from working correctly.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43537\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43537"
        ],
        "name": "CVE-2021-43537",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yangkang of 360 ATA Team as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6861\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6861\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861"
        ],
        "name": "CVE-2023-6861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-267",
        "details": [
            "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.",
            "A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions."
        ],
        "acknowledgement": "Red Hat would like to thank Tobias Stöckmann for reporting this issue.",
        "upstream_fix": "util-linux 2.32.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2616\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2616"
        ],
        "name": "CVE-2017-2616",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5433\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5433\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5433"
        ],
        "name": "CVE-2017-5433",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Vytautas Staraitis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7196\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7196\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-130.html"
        ],
        "name": "CVE-2015-7196",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-16T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.",
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
        ],
        "statement": "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview, and is therefore unsupported for production use. For additional details please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.",
        "acknowledgement": "This issue was discovered by Maxim Levitsky (Red Hat) and Paolo Bonzini (Red Hat).",
        "upstream_fix": "kernel 5.14-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3656\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3656\nhttps://www.openwall.com/lists/oss-security/2021/08/16/1"
        ],
        "name": "CVE-2021-3656",
        "mitigation": {
            "value": "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```\nDisabling VLS (Virtual VMLOAD/VMSAVE) is an alternative mitigation:\n```\n# modprobe kvm_amd vls=0\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12396\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12396"
        ],
        "name": "CVE-2018-12396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.",
            "A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. An attacker able to make an application using OpenSSL verify, decrypt, or parse a specially crafted PKCS#7 input could cause that application to crash. TLS/SSL clients and servers using OpenSSL were not affected by this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1790\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1790"
        ],
        "name": "CVE-2015-1790",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.",
            "An information leak flaw was found in the way Firefox implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Armin Razmdjou as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0822\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0822\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-24"
        ],
        "name": "CVE-2015-0822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.",
            "Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences."
        ],
        "statement": "This issue affects the versions of pkicore as shipped with Red Hat Certificate System 9. Red Hat Product Security has rated this issue as having security impact of Low. Please also note that all instances of \"authz.evaluateOrder\" are set to \"deny,allow\" by default. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "This issue was discovered by Fraser Tweedale (Red Hat).",
        "upstream_fix": "PKI 10.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1080"
        ],
        "name": "CVE-2018-1080",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
            "A flaw was found in hw. Non-transparent sharing of branch predictor targets between contexts in some Intel(R) processors may potentially allow an authorized user to enable information disclosure via local access."
        ],
        "acknowledgement": "Red Hat would like to thank Johannes Wikner (ETH Zurich) and Kaveh Razavi (ETH Zurich) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29901\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29901\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html"
        ],
        "name": "CVE-2022-29901",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.",
            "A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9064\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9064\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-89.html"
        ],
        "name": "CVE-2016-9064",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.",
            "A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges."
        ],
        "statement": "This issue did not affect the versions of samba or samba3x as shipped with Red Hat Enterprise Linux 5, and the versions of samba as shipped with Red Hat Enterprise Linux 6, as it only affected Samba 4.0.0 and higher.",
        "upstream_fix": "samba 4.1.11, samba 4.0.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3560\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3560\nhttps://www.samba.org/samba/security/CVE-2014-3560"
        ],
        "name": "CVE-2014-3560",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-08-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "Any external program using the hivex library could be exposed to partial unavailability in case of a crash where a user can always retry the operation. As for libguestfs, a crash in hivex would not result in libguestfs crashing.",
        "acknowledgement": "Red Hat would like to thank Jeremy Galindo (Datto) for reporting this issue.",
        "upstream_fix": "hivex 1.3.21",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3622\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3622"
        ],
        "name": "CVE-2021-3622",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.",
            "A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash."
        ],
        "statement": "This issue does not affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3216\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3216"
        ],
        "name": "CVE-2015-3216",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.",
            "The Mozilla Foundation Security Advisory describes this issue as:\nA malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "upstream_fix": "thunderbird 78.9, firefox 78.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23984\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23984\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23984"
        ],
        "name": "CVE-2021-23984",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843->(CWE-125|CWE-787)",
        "details": [
            "A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith via Beyond Security's SecuriTeam Secure Disclosure program, Niklas Baumstark, and Samuel Groß as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12386\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12386\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-24/#CVE-2018-12386"
        ],
        "name": "CVE-2018-12386",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.",
            "A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel."
        ],
        "statement": "This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-7421\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7421"
        ],
        "name": "CVE-2013-7421",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-269",
        "details": [
            "A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16838\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16838"
        ],
        "name": "CVE-2018-16838",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks."
        ],
        "upstream_fix": "thunderbird 91.4.0, firefox 91.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43538\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43538"
        ],
        "name": "CVE-2021-43538",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hanno Böck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11713\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11713\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11713"
        ],
        "name": "CVE-2019-11713",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-05-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input."
        ],
        "statement": "LDAP servers are not usually exposed to the open internet, requiring adjacent connectivity for a successful attack. This issue also requires a compromised user account to perform the attack. Therefore, this flaw is rated as a Moderate severity.",
        "upstream_fix": "389-ds-base 1.3.11.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2199\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2199"
        ],
        "name": "CVE-2024-2199",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",
            "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences."
        ],
        "statement": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "drupal 7.66, jquery 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11358\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11358\nhttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/\nhttps://www.drupal.org/sa-core-2019-006"
        ],
        "name": "CVE-2019-11358",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-276",
        "details": [
            "An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anne van Kesteren as the original reporter.",
        "upstream_fix": "firefox 78.1, firefox 79, thunderbird 78.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15653\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15653\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653"
        ],
        "name": "CVE-2020-15653",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2022-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR < 91.9.1, Firefox < 100.0.2, Firefox for Android < 100.3.0, and Thunderbird < 91.9.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process."
        ],
        "upstream_fix": "thunderbird 91.9.1, firefox 100.0.2, firefox 91.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1529\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1529\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529"
        ],
        "name": "CVE-2022-1529",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Byron Campen as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12420\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12420\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420"
        ],
        "name": "CVE-2020-12420",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-805->CWE-122->CWE-787",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.",
            "An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value leads to an out-of-bounds write. This flaw allows a remote, unauthenticated attacker running an RDP server, or a local attacker, using a specially crafted certificate, to cause an out-of-bounds write into client process memory, corrupting the integrity of the data used in the RSA encryption functionality, or causing a denial of service."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13398\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13398"
        ],
        "name": "CVE-2020-13398",
        "mitigation": {
            "value": "To mitigate this flaw, only make connection attempts to trusted RDP servers from the RDP client application.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",
            "Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Greg Kuechle (SaskTel) as the original reporter.",
        "upstream_fix": "bind 9.17.12, bind 9.16.14, bind 9.11.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25214\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25214\nhttps://kb.isc.org/docs/cve-2021-25214"
        ],
        "name": "CVE-2021-25214",
        "mitigation": {
            "value": "Disabling incremental zone transfers (IXFR) by setting \"request-ixfr no;\" in the desired configuration block (options, zone, or server) prevents the failing assertion from being evaluated.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Integer overflow in the stagefright::SampleTable::isValid function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via crafted MPEG-4 video data with H.264 encoding."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4480\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4480",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages \"type confusion.\""
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5263\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5263\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-78.html"
        ],
        "name": "CVE-2016-5263",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4655\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4655"
        ],
        "name": "CVE-2014-4655",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7779\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7779\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7779"
        ],
        "name": "CVE-2017-7779",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X Window System (aka X11 or X) X11R6.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8096\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8096\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out-of-bounds read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered low risk since mod_cache_socache is not widely used; mod_cache_disk is not affected by this vulnerability."
        ],
        "statement": "The versions of httpd package shipped with Red Hat Enterprise Linux are by default configured in prefork MPM mode, which means that this flaw can result in a crash of child process. The main web server process will not be killed. Also, though the module is loaded by default, it needs to be specifically enabled in order to be exposed to the security flaw.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1303\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1303"
        ],
        "name": "CVE-2018-1303",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
            "A flaw was discovered in the Linux kernel's USB subsystem in the __usb_get_extra_descriptor() function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivileged user with physical access to the system can potentially cause a  privilege escalation or trigger a system crash or lock up and thus to cause a denial of service (DoS)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20169\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20169"
        ],
        "name": "CVE-2018-20169",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThrough a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38506\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38506"
        ],
        "name": "CVE-2021-38506",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans.",
            "A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0477\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0477\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0477",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2987\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2987"
        ],
        "name": "CVE-2019-2987",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aleksejs Popovs as the original reporter.",
        "upstream_fix": "chromium-browser 87.0.4280.66, thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-16012\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-16012\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012"
        ],
        "name": "CVE-2020-16012",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The search_make_new function in evdns.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (out-of-bounds read) via an empty hostname.",
            "An out of bounds read vulnerability was found in libevent in the search_make_new function.  If an attacker could cause an application using libevent to attempt resolving an empty hostname, an out of bounds read could occur possibly leading to a crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10197\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10197"
        ],
        "name": "CVE-2016-10197",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker abusing XSLT error handling to associate attacker-controlled content with another origin, which was displayed in the address bar. This issue could be used to fool the user into submitting data intended for the spoofed origin."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "firefox 102.2, firefox 91.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38472\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38472\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38472"
        ],
        "name": "CVE-2022-38472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-416",
        "details": [
            "sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format."
        ],
        "upstream_fix": "libreoffice 6.0.1.1, libreoffice 5.4.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10119\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10119\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/"
        ],
        "name": "CVE-2018-10119",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.",
            "It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information."
        ],
        "acknowledgement": "This issue was discovered by Viktor Ashirov (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5416\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5416"
        ],
        "name": "CVE-2016-5416",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Using remote content in encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5184\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5184\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184"
        ],
        "name": "CVE-2018-5184",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.",
            "It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent."
        ],
        "statement": "In order to exploit this flaw, the attacker needs to have control of the forwarded agent-socket and the ability to write to the filesystem of the host running ssh-agent. Because of this restriction for successful exploitation, this issue has been rated as having Moderate security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10009\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10009\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10009",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2793\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2793\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7175\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7175\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7175",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Multiple stack-based buffer overflows in the File Transfer feature in rfbserver.c in LibVNCServer 0.9.9 and earlier allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long file or (2) directory name or the (3) FileTime attribute in a rfbFileTransferOffer message.",
            "Two stack-based buffer overflow flaws were found in the way LibVNCServer handled file transfers. A remote attacker could use this flaw to crash the VNC server using a malicious VNC client."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6055\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6055"
        ],
        "name": "CVE-2014-6055",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The name_parse function in evdns.c in libevent before 2.1.6-beta allows remote attackers to have unspecified impact via vectors involving the label_len variable, which triggers an out-of-bounds stack read.",
            "A vulnerability was found in libevent with the parsing of DNS requests and replies.  An attacker could send a forged DNS response to an application using libevent which could lead to reading data out of bounds on the heap, potentially disclosing a small amount of application memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10195\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10195"
        ],
        "name": "CVE-2016-10195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an \"Off-by-two\" or \"Out of bounds overwrite\" memory error.",
            "A flaw was found in the way grub2 handled backspace characters entered in username and password prompts. An attacker with access to the system console could use this flaw to bypass grub2 password protection and gain administrative access to the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8370\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8370\nhttp://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html"
        ],
        "name": "CVE-2015-8370",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-784",
        "details": [
            "By injecting a cookie with certain special characters, an attacker on a shared subdomain which is not a secure context could set and thus overwrite cookies from a secure context, leading to session fixation and other attacks. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that by injecting a cookie with certain special characters, an attacker on a shared subdomain, which is not a secure context, could set and overwrite cookies from a secure context, leading to session fixation and other attacks."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Axel Chong (@Haxatron) as the original reporter.",
        "upstream_fix": "thunderbird 102.3, firefox 102.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-40958\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40958\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40958"
        ],
        "name": "CVE-2022-40958",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2740\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2740\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2740",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191",
        "details": [
            "A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in X.Org Server. An Integer underflow leading to heap-buffer overflow may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14361\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14361\nhttps://lists.x.org/archives/xorg-announce/2020-August/003058.html"
        ],
        "name": "CVE-2020-14361",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgotten and never popped. If tasks are allocated on the heap, this can cause double free and a memory leak. If not, this still can cause a logical bug. Crates using `Stealer::steal`, `Stealer::steal_batch`, or `Stealer::steal_batch_and_pop` are affected by this issue. This has been fixed in crossbeam-deque 0.8.1 and 0.7.4."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2, rust-crossbeam-deque 0.8.1, rust-crossbeam-deque 0.7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32810\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32810"
        ],
        "name": "CVE-2021-32810",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005.",
            "It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue.",
        "upstream_fix": "samba 4.3.7, samba 4.2.10, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2111\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2111\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2111",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gareth Heyes as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11763\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11763\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763"
        ],
        "name": "CVE-2019-11763",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in watchOS 6.1. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8764\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8764\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8764",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "10.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38503\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38503"
        ],
        "name": "CVE-2021-38503",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-12-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service.",
            "A flaw was found in the Linux kernel's mwifiex driver implementation when connecting to other WiFi devices in \"Test Mode.\" A kernel memory leak can occur if an error condition is met during the parameter negotiation. This issue can lead to a denial of service if multiple error conditions meeting the repeated connection attempts are attempted."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20095\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20095"
        ],
        "name": "CVE-2019-20095",
        "mitigation": {
            "value": "As connecting to a wireless device is not automatic and initiated by a user, not connecting to rogue access points would prevent this flaw from being abused.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).",
            "It was discovered that libX11 does not properly validate input coming from the server, causing XListExtensions() and XGetFontPath() functions to produce an invalid list of elements that in turn make XFreeExtensionsList() and XFreeFontPath() access invalid memory. An attacker who can either configure a malicious X server or modify the data coming from one, could use this flaw to crash the application using libX11, resulting in a denial of service."
        ],
        "statement": "This issue did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.\nTo exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server runs on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he has already full control on the system. If the X client runs on another system than the X server (e.g. DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only crash the client, which should not be run with high privileges.  For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14598\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14598"
        ],
        "name": "CVE-2018-14598",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-459->CWE-89",
        "details": [
            "A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity."
        ],
        "acknowledgement": "Upstream acknowledges Alexander Lakhin as the original reporter.",
        "upstream_fix": "postgresql 14.3, postgresql 13.7, postgresql 12.11, postgresql 10.21, postgresql 11.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1552\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1552\nhttps://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/\nhttps://www.postgresql.org/support/security/CVE-2022-1552/"
        ],
        "name": "CVE-2022-1552",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12397\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12397\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12397"
        ],
        "name": "CVE-2018-12397",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.",
            "A heap buffer overflow issue was found in the load_device_tree() function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potentially execute arbitrary code on a host system with privileges of the QEMU process."
        ],
        "acknowledgement": "Red Hat would like to thank Kurtis Miller (nccgroup.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20815\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20815"
        ],
        "name": "CVE-2018-20815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388\"; in other words, this is not a CVE ID for a vulnerability.",
            "It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5388\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5388"
        ],
        "name": "CVE-2016-5388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.",
            "A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in this product.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7472\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7472"
        ],
        "name": "CVE-2017-7472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.",
            "A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via MOV SS or POP SS instructions. During the stack switch operation, the processor does not deliver interrupts and exceptions; rather, they are delivered once the first instruction after the stack switch is executed. An unprivileged system user could use this flaw to crash the system kernel, resulting in a denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski and Nick Peterson (Everdox Tech LLC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8897\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8897\nhttps://access.redhat.com/security/vulnerabilities/pop_ss"
        ],
        "csaw": true,
        "name": "CVE-2018-8897"
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2799\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2799\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2799",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.",
            "A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "kernel 3.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-42739\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42739\nhttps://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/"
        ],
        "name": "CVE-2021-42739",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module firedtv from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-31T13:42:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox.",
            "It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10181\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10181"
        ],
        "name": "CVE-2019-10181",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-130->CWE-125",
        "details": [
            "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4341\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4341"
        ],
        "name": "CVE-2014-4341",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.",
            "Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to enable escalation of privilege via local access."
        ],
        "statement": "Please contact your OEM support group to obtain the correct driver version.",
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-27635\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-27635\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-27635",
        "mitigation": {
            "value": "UEFI firmware to version 3.2.20.23023 (includes versions 2.2.20.23023 and 1.2.20.23023) or later.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A fixed-size stack buffer could overflow in nrappkit when doing WebRTC signaling. This resulted in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.",
            "A flaw was discovered in Mozilla Firefox and Thunderbird where a fixed-size stack buffer overflow could occur during WebRTC signalling. The vulnerability could lead to an exploitable crash or leak data."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11760\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11760\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760"
        ],
        "name": "CVE-2019-11760",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3426\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3426\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3426",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2020-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.",
            "A flaw was found in Mozilla Firefox. A race condition can occur while running the nsDocShell destructor causing a use-after-free memory issue. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francisco Alonso and Javier Marcos as the original reporters.",
        "upstream_fix": "firefox 68.6.1, firefox 74.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6819\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819"
        ],
        "name": "CVE-2020-6819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks.",
            "It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks."
        ],
        "acknowledgement": "This issue was discovered by Liam Campbell (Red Hat).",
        "upstream_fix": "ipa 4.3.3, ipa 4.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9575\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9575"
        ],
        "name": "CVE-2016-9575",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.",
            "A NULL pointer dereference flaw was discovered in libvirt in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service."
        ],
        "upstream_fix": "libvirt 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3840\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3840"
        ],
        "name": "CVE-2019-3840",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20098\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20098"
        ],
        "name": "CVE-2018-20098",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nUsing a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Georg Felber and Marco Squarcina (TU Wien) as the original reporters.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2610\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2610\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2610\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2610"
        ],
        "name": "CVE-2024-2610",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution."
        ],
        "statement": "This vulnerability affected the glibc package on Red Hat Enterprise Linux 7.4, however it can only be exploited when mount namespaces owned by user namespaces are enabled, which requires manually configuring a kernel parameter and sysctl that are not enabled by default. Please see the Bugzilla link for more details.\nThis vulnerability affects glibc on Red Hat Enterprise Linux 6. However the kernel included in Red Hat Enterprise Linux 6 does not violate glibc's assumption about the behaviour of getcwd(), so this vulnerability can not be exploited when running with the default kernel. Red Hat Enterprise Linux 6 containers may be vulnerable when running on a host with kernel 2.6.36 or greater.",
        "acknowledgement": "Red Hat would like to thank halfdog for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000001\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000001"
        ],
        "name": "CVE-2018-1000001",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8803\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8803\nhttps://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html"
        ],
        "name": "CVE-2015-8803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.",
            "A flaw was found in python-urllib3. The HTTPConnection.request() does not properly validate CRLF sequences in the HTTP request method, potentially allowing manipulation of the request by injecting additional HTTP headers. The highest threat from this vulnerability is to confidentiality and integrity."
        ],
        "statement": "* Red Hat OpenShift Container Platform (OCP) 4 delivers the python-urllib3 package, which includes a vulnerable version of the urllib3 module, however from OCP 4.6, the python-urllib3 package is no longer shipped and will not be fixed.\n* In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.\nNote: Versions of `python-pip` are marked as not affected because there is no way for a pip user to control the HTTP request method.",
        "upstream_fix": "urllib3 1.25.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26137\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26137"
        ],
        "name": "CVE-2020-26137",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).",
            "It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2602\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2602"
        ],
        "name": "CVE-2018-2602",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.",
            "It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests."
        ],
        "upstream_fix": "tomcat 7.0.47, tomcat 8.0.0-rc3, tomcat 6.0.39",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4286\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4286"
        ],
        "name": "CVE-2013-4286",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-12-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.",
            "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer."
        ],
        "statement": "Potential successful exploitation will cause the curl to crash, which generates a low impact to the environment where the curl is used. Additionally, exploitation depends on the conditions that are out of the attacker's control, like usage of specific protocols (SMB or TELNET) and HTTP proxy tunnels at the same time. Due to these facts, this vulnerability has been classified as a Low severity issue.",
        "upstream_fix": "curl 7.87.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-43552\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43552\nhttps://curl.se/docs/CVE-2022-43552.html"
        ],
        "name": "CVE-2022-43552",
        "mitigation": {
            "value": "Avoid using the SMB and TELNET protocols.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",
            "A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. The highest threat from this flaw is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Siva Kakarla as the original reporter.",
        "upstream_fix": "bind 9.11.30, bind 9.16.14, bind 9.17.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25215\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25215\nhttps://kb.isc.org/docs/cve-2021-25215"
        ],
        "name": "CVE-2021-25215",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2422\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2422"
        ],
        "name": "CVE-2019-2422",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (integer overflow and application crash) via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm.",
            "An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7568\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7568"
        ],
        "name": "CVE-2018-7568",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
            "A flaw was found in the Linux kernel’s implementation of wireless drivers for the Intel PROset wireless hardware. This flaw allows an unauthorized attacker within the wireless radio range to cause the driver and the system to disconnect from the wireless network, triggering the operating system to lose network connectivity while the system is not connected. The highest threat from this vulnerability is system availability."
        ],
        "upstream_fix": "kernel 5.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0136\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0136"
        ],
        "name": "CVE-2019-0136",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2005-1080\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-1080"
        ],
        "name": "CVE-2005-1080",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-646",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound).  Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21843\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21843"
        ],
        "name": "CVE-2023-21843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.",
            "A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7942\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7942"
        ],
        "name": "CVE-2015-7942",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7177\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7177\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        ],
        "statement": "1 For this issue to be exploitable, the (server) application using the OpenSSL library needs to use it incorrectly.\n2. There are multiple other requirements for the attack to succeed: \n- The ciphersuite used must be obsolete CBC cipher without a stitched implementation (or the system be in FIPS mode)\n- the attacker has to be a MITM\n- the attacker has to be able to control the client side to send requests to the buggy server on demand",
        "upstream_fix": "openssl 1.0.2r",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-1559\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-1559\nhttps://github.com/RUB-NDS/TLS-Padding-Oracles\nhttps://www.openssl.org/news/secadv/20190226.txt"
        ],
        "name": "CVE-2019-1559",
        "mitigation": {
            "value": "As a workaround you can disable SHA384 if applications (compiled with OpenSSL) allow for adjustment of the ciphersuite string configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-253->CWE-476",
        "details": [
            "An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference",
            "A flaw was found in the Linux kernel’s implementation of Extended Display Identification Data (EDID) technology. A firmware identifier string is duplicated with the kstrdup function, and the allocation may fail under very low memory conditions. An attacker could abuse this flaw by causing a Denial of Service and crashing the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12382\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12382"
        ],
        "name": "CVE-2019-12382",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-334",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22041\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22041"
        ],
        "name": "CVE-2023-22041",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges belden as the original reporter.",
        "upstream_fix": "firefox 78.1, firefox 79, thunderbird 78.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15658\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15658\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658"
        ],
        "name": "CVE-2020-15658",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An integer overflow in path handling lead to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 60.5.1, firefox ESR 60.5.1, firefox 65.0.1, chromium-browser 71.0.3578.80",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18356\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18356\nhttps://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-04/#CVE-2018-18356\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-05/#CVE-2018-18356\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18356"
        ],
        "name": "CVE-2018-18356",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application.",
            "A vulnerability was discovered in tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application."
        ],
        "upstream_fix": "tomcat 7.0.76, tomcat 8.0.42, tomcat 8.5.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5648\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5648"
        ],
        "name": "CVE-2017-5648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests.",
            "It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15594\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15594"
        ],
        "name": "CVE-2018-15594",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.",
            "An issue was discovered in the Linux kernel where an incorrect access check in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16597\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16597"
        ],
        "name": "CVE-2018-16597",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename.",
            "It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5118\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5118"
        ],
        "name": "CVE-2016-5118",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT during an attempt at memory allocation for an Exiv2::Internal::PngChunk::zlibUncompress call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10958\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10958"
        ],
        "name": "CVE-2018-10958",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-120",
        "details": [
            "An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ivan Fratric as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5159\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5159\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159"
        ],
        "name": "CVE-2018-5159",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.",
            "Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. In a default or common use of Red Hat Enterprise Linux 7 and MRG-2 this issue does not allow an unprivileged local or remote user to elevate their privileges on the system.\nIn order to exploit this issue the attacker needs CAP_NET_ADMIN capability, which needs to be granted especially by the administrator to the attacker's process. This in turn requires granting CAP_NET_ADMIN capability to the process' binary and/or attacker's account.\nAnother possibility to obtain CAP_NET_ADMIN capability in Red Hat Enterprise Linux 7 for an attacker is running a process inside a user+network namespace with mapped root privileges inside the namespace. Since Red Hat Enterprise Linux 7 does not have unprivileged user namespaces enabled by default, local or remote unprivileged users also cannot abuse namespaces to grant this capability to themselves and elevate their privileges.\nGiven the severity of this issue, future Linux kernel updates for the Red Hat Enterprise Linux 7 and MRG-2 products are planned to address it.",
        "acknowledgement": "Red Hat would like to thank Chaitin Security Research Lab for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7184\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7184"
        ],
        "name": "CVE-2017-7184",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401->CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040.",
            "A vulnerability was found in sg_write in drivers/scsi/sg.c in the SCSI generic (sg) driver subsystem. This flaw allows an attacker with local access and special user or root privileges to cause a denial of service if the allocated list is not cleaned with an invalid (Sg_fd * sfp) pointer at the time of failure, also possibly causing a kernel internal information leak problem."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12770\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12770"
        ],
        "name": "CVE-2020-12770",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "public_date": "2023-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "0.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.",
            "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863."
        ],
        "statement": "This flaw was found to be a duplicate of CVE-2023-4863. Please see https://access.redhat.com/security/cve/CVE-2023-4863 for information about affected products and security errata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5129\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5129\nhttps://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76\nhttps://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a"
        ],
        "name": "CVE-2023-5129",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Thunderbird users who use the Matrix chat protocol being vulnerable to a denial of service attack. An adversary sharing a room with a user could attack affected clients, making it not show all of a user's rooms or spaces and causing minor temporary corruption."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Val Lorentz as the original reporter.",
        "upstream_fix": "thunderbird 102.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-36059\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36059\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-36059"
        ],
        "name": "CVE-2022-36059",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-12T05:40:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.",
            "A flaw was found in the Linux kernel loose validation of child/parent process identification handling while filtering signal handlers.  A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process."
        ],
        "acknowledgement": "Red Hat would like to thank Adam Zabrocki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12826\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12826\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1e7fd6462ca9fc76650fbe6ca800e35b24267da\nhttps://lists.openwall.net/linux-kernel/2020/03/24/1803\nhttps://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
        ],
        "name": "CVE-2020-12826",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive \"git clone\" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.",
            "An option injection flaw has been discovered in git when it recursively clones a repository with sub-modules. A remote attacker may configure a malicious repository and trick a user into recursively cloning it, thus executing arbitrary commands on the victim's machine."
        ],
        "statement": "OpenShift Container Platform (OCP) source-to-image uses the git client packaged with the OCP container images. Since RHEL7 and its associated images are impacted, source-to-image is also impacted. The atomic-openshift package running on the masters controls the code that determines the source-to-image build image in use, therefore a cluster update is required to patch this issue. Full instructions will be provided in Security Errata provided for this issue.\nIn OCP 3.6 and earlier, source-to-image executes in a privileged container on the node. Therefore the severity of this CVE is important for these versions. OCP 3.7 and later execute source-to-image git pulls in an unprivileged init container.",
        "upstream_fix": "git 2.17.2, git 2.15.3, git 2.18.1, git 2.19.1, git 2.14.5, git 2.16.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17456\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17456"
        ],
        "name": "CVE-2018-17456",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-10-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.",
            "It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve directory server password after many tries."
        ],
        "acknowledgement": "This issue was discovered by William Brown (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5405\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5405"
        ],
        "name": "CVE-2016-5405",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-119",
        "details": [
            "A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in postgresql. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Writing arbitrary bytes to a wide area of server memory can provide a powerful primitive that could ultimately lead to remote code execution. For this reason this flaw has been rated as having a security impact of Important. The versions of `postgresql` as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Software Collections are all affected by this flaw. A future update may address this issue.",
        "acknowledgement": "Upstream acknowledges Tom Lane as the original reporter.",
        "upstream_fix": "postgresql 10.17, postgresql 11.12, postgresql 9.6.22, postgresql 13.3, postgresql 12.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32027\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32027\nhttps://www.postgresql.org/support/security/CVE-2021-32027/"
        ],
        "name": "CVE-2021-32027",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2791\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2791\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2791",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-03-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation."
        ],
        "statement": "This issue does not affect the version of thunderbird package as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0818\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0818\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-28"
        ],
        "name": "CVE-2015-0818",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
            "It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning."
        ],
        "upstream_fix": "httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8743\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8743\nhttps://httpd.apache.org/security/vulnerabilities_24.html#2.4.25"
        ],
        "name": "CVE-2016-8743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-367",
        "details": [
            "A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29986\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29986"
        ],
        "name": "CVE-2021-29986",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8535\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8535"
        ],
        "name": "CVE-2019-8535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.",
            "A denial of service flaw was found in the way OpenSSL verified certain signed messages using CMS (Cryptographic Message Syntax). A remote attacker could cause an application using OpenSSL to use excessive amounts of memory by sending a specially crafted message for verification."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1792\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1792"
        ],
        "name": "CVE-2015-1792",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have lead to a use-after-free issue, causing a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22737\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22737"
        ],
        "name": "CVE-2022-22737",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Georg Koppen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5252\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5252\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-67.html"
        ],
        "name": "CVE-2016-5252",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2684\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2684"
        ],
        "name": "CVE-2019-2684",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2612\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2612\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2612\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2612"
        ],
        "name": "CVE-2024-2612",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-203->CWE-385",
        "details": [
            "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12126\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12126\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12126"
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp."
        ],
        "statement": "This issue affects the versions of qt5-qtsvg and qt as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19869\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19869"
        ],
        "name": "CVE-2018-19869",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.",
            "A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas as the original reporter.",
        "upstream_fix": "postgresql 9.2.18, postgresql 9.5.4, postgresql 9.1.23, postgresql 9.4.9, postgresql 9.3.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5423\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5423"
        ],
        "name": "CVE-2016-5423",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1835\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1835"
        ],
        "name": "CVE-2016-1835",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Andreea Pavel, Anne van Kesteren, Aral Yaman, Bob Clary, Chun-Min Chang, Gary Kwong, Jonathan Kew, and Masayuki Nakano as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9788\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9788\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9788"
        ],
        "name": "CVE-2019-9788",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "An invalid downcast from <code>nsTextNode</code> to <code>SVGElement</code> could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn invalid downcast from `nsTextNode` to `SVGElement` could have lead to undefined behavior."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25737\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25737\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25737\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25737"
        ],
        "name": "CVE-2023-25737",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2781\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2781"
        ],
        "name": "CVE-2020-2781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.",
            "Linux kernel built with the KVM virtualization support (CONFIG_KVM), with the nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to an uncaught exception issue. It could occur if an L2 guest was to throw an exception which is not handled by an L1 guest."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9588\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9588"
        ],
        "name": "CVE-2016-9588",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-10T13:55:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
            "A flaw was found in the firmware of some Intel Bluetooth devices. This may allow an unauthenticated attacker within Bluetooth range to overflow a buffer and corrupt memory leading to a crash or privilege escalation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12321\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12321\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html"
        ],
        "name": "CVE-2020-12321",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11047\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11047"
        ],
        "name": "CVE-2020-11047",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-06-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.",
            "A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash."
        ],
        "statement": "This issue does NOT affect the version of OpenSSL package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1791\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1791"
        ],
        "name": "CVE-2015-1791",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDrivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges pwn2car as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5724\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5724\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5724"
        ],
        "name": "CVE-2023-5724",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16393\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16393\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16393",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.",
            "A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-47629\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-47629\nhttps://gnupg.org/blog/20221017-pepe-left-the-ksba.html"
        ],
        "name": "CVE-2022-47629",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read."
        ],
        "upstream_fix": "thunderbird 78.6, firefox 78.6, chromium-browser 87.0.4280.88",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-16042\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-16042\nhttps://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html"
        ],
        "name": "CVE-2020-16042",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.",
            "A heap buffer overflow flaw was found in libsndfile. This flaw allows an attacker to execute arbitrary code via a crafted WAV file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "libsndfile 1.0.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3246\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3246"
        ],
        "name": "CVE-2021-3246",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.4",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-201",
        "details": [
            "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.",
            "A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request."
        ],
        "statement": "This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the version of samba4 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having Low security impact, a future update may address this flaw.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Christof Schmitt as the original reporter.",
        "upstream_fix": "samba 4.1.8, samba 4.0.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0178\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0178\nhttp://www.samba.org/samba/security/CVE-2014-0178"
        ],
        "name": "CVE-2014-0178",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-07-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-304",
        "details": [
            "The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumption) via a long and duplicative list in the ssh -oKbdInteractiveDevices option, as demonstrated by a modified client that provides a different password for each pam element on this list.",
            "It was discovered that the OpenSSH sshd daemon did not check the list of keyboard-interactive authentication methods for duplicates. A remote attacker could use this flaw to bypass the MaxAuthTries limit, making it easier to perform password guessing attacks."
        ],
        "statement": "This issue does not affect the default OpenSSH sshd configuration in Red Hat Enterprise Linux 4, 5, 6 and 7.",
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5600\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5600\nhttps://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/"
        ],
        "name": "CVE-2015-5600",
        "mitigation": {
            "value": "This issue can be mitigated by disabling the keyboard-interactive authentication method. That can be achieved by setting \"ChallengeResponseAuthentication no\" in the /etc/ssh/sshd_config configuration file and restarting the sshd service.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the HDLC_PPP module of the Linux kernel. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact, because the bug can be triggered only if the PPP protocol is enabled.",
        "acknowledgement": "Red Hat would like to thank ChenNan Of Chaitin (Security Research Lab) for reporting this issue.",
        "upstream_fix": "Linux kernel 5.9-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25643\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25643\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=66d42ed8b25b64eb63111a2b8582c5afc8bf1105"
        ],
        "name": "CVE-2020-25643",
        "mitigation": {
            "value": "To mitigate this issue, prevent modules hdlc_ppp, syncppp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted.",
            "A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service."
        ],
        "upstream_fix": "systemd 234",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1049\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1049"
        ],
        "name": "CVE-2018-1049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2796\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2796"
        ],
        "name": "CVE-2018-2796",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-129",
        "details": [
            "An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).",
            "A memory corruption flaw was found in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Framebuffer Console in the Linux kernel. This flaw allows a local attacker to crash the system, leading to a denial of service."
        ],
        "upstream_fix": "Kernel 6.3-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-38409\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38409\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=fffb0b52d5258554c645c966c6cbef7de50b851d"
        ],
        "name": "CVE-2023-38409",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module \"fbcon\" onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.",
            "A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4653\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4653"
        ],
        "name": "CVE-2014-4653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled.",
            "It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2741\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2741\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-67.html"
        ],
        "name": "CVE-2015-2741",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "Plaintext of decrypted emails can leak when a user submits an embedded form by pressing the enter key within a text input field. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12374\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12374"
        ],
        "name": "CVE-2018-12374",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.",
            "A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface."
        ],
        "statement": "This issue affects the version of cups package as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank CERT/CC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1159\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1159"
        ],
        "name": "CVE-2015-1159",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-401|CWE-404)",
        "details": [
            "A vulnerability, which was classified as problematic, has been found in X.org Server. Affected by this issue is the function ProcXkbGetKbdByName of the file xkb/xkb.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211052.",
            "A flaw was found in the xorg-x11-server package. The ProcXkbGetKbdByName function in xkb/xkb.c does not release allocated data when an error is encountered, allowing for a memory leak."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-3551\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3551"
        ],
        "name": "CVE-2022-3551",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
        ],
        "statement": "This issue affects the versions of openssh as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 (versions 7.3 and earlier).  For Red Hat Enterprise Linux 7 (versions 7.4 and later), this issue was fixed by the Security Advisory RHSA-2017:2029. For Red Hat Enterprise Linux 6, Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10708\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10708"
        ],
        "name": "CVE-2016-10708",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-06-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 78.12, firefox 78.12, chromium-browser 91.0.4472.101",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30547\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30547"
        ],
        "name": "CVE-2021-30547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions.",
            "It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 because we do not provide support for Atheros 9k wireless network adapters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2672\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2672"
        ],
        "name": "CVE-2014-2672",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4868\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4868\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
            "A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest.  A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly impersonate AF_VSOCK messages destined to other clients or leak kernel memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14625\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14625"
        ],
        "name": "CVE-2018-14625",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3136"
        ],
        "name": "CVE-2018-3136",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.",
            "An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17972\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17972"
        ],
        "name": "CVE-2018-17972",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
        ],
        "statement": "This issue did not affect the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20099\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20099"
        ],
        "name": "CVE-2018-20099",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-425",
        "details": [
            "A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.10, firefox 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29533\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29533\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29533"
        ],
        "name": "CVE-2023-29533",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-393",
        "details": [
            "If there was a PAC URL set and the server that hosts the PAC was not reachable, OCSP requests would have been blocked, resulting in incorrect error pages being shown. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that if a PAC URL was set and the server that hosts the PAC was not reachable, OCSP requests are blocked, resulting in incorrect error pages being shown."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Laurent Bigonville as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34472\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34472\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34472"
        ],
        "name": "CVE-2022-34472",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-29T04:41:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287->CWE-306",
        "details": [
            "It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely.",
            "A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an insecure connection occurs."
        ],
        "upstream_fix": "NetworkManager 1.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10754\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10754"
        ],
        "name": "CVE-2020-10754",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.",
            "A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses."
        ],
        "statement": "This issue in OpenSSH is mitigated by the usage of SELinux in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6210\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6210"
        ],
        "name": "CVE-2016-6210",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-450",
        "details": [
            "Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDue to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tom Schuster as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23598\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23598\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598"
        ],
        "name": "CVE-2023-23598",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8684\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8684\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8684",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ademar Nowasky Junior as the original reporter.",
        "upstream_fix": "thunderbird 78.8, firefox 78.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23968\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23968\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23968"
        ],
        "name": "CVE-2021-23968",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
            "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9242\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9242"
        ],
        "name": "CVE-2017-9242",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2590\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2590"
        ],
        "name": "CVE-2020-2590",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-415",
        "details": [
            "A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.",
            "A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash."
        ],
        "acknowledgement": "This issue was discovered by Chandan Pinjani (Red Hat).",
        "upstream_fix": "389-ds-base 2.2.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4091\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4091"
        ],
        "name": "CVE-2021-4091",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-122",
        "details": [
            "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
            "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the \"apache\" user."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0226\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0226\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0226",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10372\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10372"
        ],
        "name": "CVE-2018-10372",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-287|CWE-322)",
        "details": [
            "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-js-sdk implementing a too permissive key forwarding strategy on the receiving end. Starting with version 19.7.0, the default policy for accepting key forwards has been made more strict in the matrix-js-sdk. matrix-js-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately, for example, by showing a warning for such messages. This attack requires coordination between a malicious homeserver and an attacker, and those who trust your homeservers do not need a workaround.",
            "A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. A malicious server administrator could fake encrypted messages to look as if they were sent from another user on that server."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Benjamin Dowling (Security of Advanced Systems Group University of Sheffield), Martin R. Albrecht and Dan Jones (Information Security Group at Royal Holloway University London), and Sofía Celi (Brave Software) as the original reporters.",
        "upstream_fix": "thunderbird 102.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39249\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39249\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-43/#CVE-2022-39249"
        ],
        "name": "CVE-2022-39249",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7798\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7798\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7798"
        ],
        "name": "CVE-2017-7798",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when reusing existing popups; Firefox allowed them to cover the fullscreen notification UI, which possibly enabled browser spoofing attacks."
        ],
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29914\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29914"
        ],
        "name": "CVE-2022-29914",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.",
            "It was discovered that the password-based encryption (PBE) implementation in the Libraries component in OpenJDK used an incorrect key length. This could, in certain cases, lead to generation of keys that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0475\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0475\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0475",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2754\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2754"
        ],
        "name": "CVE-2020-2754",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.",
            "A flaw was found in the Linux kernel's implementation of the XFS filesystem. A key data structure (sb->s_fs_info)  may not be de-allocated when the system is under memory pressure. This same data structure is then used at a later time during filesystem operations. This could allow a local attacker who is able to groom memory to place an attacker-controlled data structure in this location and create a use-after-free situation which can result in memory corruption or privilege escalation."
        ],
        "statement": "Red Hat Enterprise Linux 7.6.z had fixed this flaw mid release without it being recognised as a CVE.  Prior releases of Red Hat Enterprise Linux EUS/AUS will still require the fix to be secure.  Trackers have been made and fixes will be available as part of the standard release cycle.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20976\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20976"
        ],
        "name": "CVE-2018-20976",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21360\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21360"
        ],
        "name": "CVE-2022-21360",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngchunk_int.cpp may cause a denial of service (application crash due to a heap-based buffer over-read) via a crafted PNG file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6 and 7.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19535\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19535"
        ],
        "name": "CVE-2018-19535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.",
            "It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request."
        ],
        "acknowledgement": "Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1000110\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000110"
        ],
        "name": "CVE-2016-1000110",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-567",
        "details": [
            "A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9819\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9819"
        ],
        "name": "CVE-2019-9819",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Tsubasa Iinuma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7214\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7214\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-149.html"
        ],
        "name": "CVE-2015-7214",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-193->CWE-125",
        "details": [
            "FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9664\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9664"
        ],
        "name": "CVE-2014-9664",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.",
            "A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind."
        ],
        "upstream_fix": "krb5 1.11.6, krb5 1.12.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4345\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4345\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt"
        ],
        "name": "CVE-2014-4345",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Byron Campen, Carsten Book, Christoph Diehl, Dan Minor, Jon Coppeard, Mozilla developers, Philipp, Steve Fink, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5257\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5257\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5257",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-10-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.",
            "It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9278\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9278"
        ],
        "name": "CVE-2014-9278",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.",
            "An out of bounds read vulnerability was discovered in the way exiv2 parses Canon raw format (CRW) images. An application that uses exiv2 library to parse untrusted images may be vulnerable to this flaw, which could be used by an attacker to extract data from the application's memory or make it crash. The biggest threat with this vulnerability is availability of the system."
        ],
        "upstream_fix": "exiv2 0.27.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17402\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17402"
        ],
        "name": "CVE-2019-17402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8594\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8594\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8594",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support.",
            "It was found that an OpenSSL server would, under certain conditions, accept Diffie-Hellman client certificates without the use of a private key. An attacker could use a user's client certificate to authenticate as that user, without needing the private key."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7.",
        "upstream_fix": "OpenSSL 1.0.0p, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0205\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0205",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOwnership mismanagement led to a use-after-free in ReadableByteStreams"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yangkang of 360 ATA Team as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6207\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6207\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207"
        ],
        "name": "CVE-2023-6207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-434",
        "details": [
            "Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in  fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1."
        ],
        "upstream_fix": "thunderbird 115.0.1, thunderbird 102.13.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3417\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3417\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3417\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-28/#CVE-2023-3417"
        ],
        "name": "CVE-2023-3417",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Menzel as the original reporter.",
        "upstream_fix": "thunderbird 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0547\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0547\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547"
        ],
        "name": "CVE-2023-0547",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
            "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3856\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3856\nhttps://www.libssh2.org/CVE-2019-3856.html"
        ],
        "name": "CVE-2019-3856",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8."
        ],
        "upstream_fix": "thunderbird 52.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5161\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5161\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161"
        ],
        "name": "CVE-2018-5161",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.",
            "A flaw was found in squid. A trusted client is able to perform a request smuggling and poison the HTTP cache contents with crafted HTTP(S) request messages. This attack requires an upstream server to participate in the smuggling and generate the poison response sequence. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue has been rated as having moderate security impact, (despite of having a higher CVSS scoring) because the attack requires an upstream server to participate in the smuggling attack and generate the poison response sequence, which is really uncommon because most popular software are not vulnerable to participation in this attack. While the vulnerability does exists in squid, it is not easily exploitable and requires participation of other components on the network.",
        "upstream_fix": "squid 4.12, squid 5.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15049\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15049\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
        ],
        "name": "CVE-2020-15049",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, when running with logger set to \"WLOG_TRACE\", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11019\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11019"
        ],
        "name": "CVE-2020-11019",
        "mitigation": {
            "value": "This flaw can be mitigated by not setting the logging level to \"trace\" on the freerdp server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.",
            "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."
        ],
        "acknowledgement": "Upstream acknowledges Pedro Gallegos as the original reporter.",
        "upstream_fix": "PostgreSQL 16.1, PostgreSQL 15.5, PostgreSQL 14.10, PostgreSQL 13.13, PostgreSQL 12.17, PostgreSQL 11.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5869\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5869\nhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\nhttps://www.postgresql.org/support/security/CVE-2023-5869/"
        ],
        "name": "CVE-2023-5869",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-908",
        "details": [
            "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().",
            "A flaw was found in libwebp. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7 and 8 as they embed the fixed version of libwebp.",
        "upstream_fix": "libwebp 1.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-25014\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25014"
        ],
        "name": "CVE-2018-25014",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-08-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable.",
            "It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes."
        ],
        "upstream_fix": "systemd 237",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16888\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16888"
        ],
        "name": "CVE-2018-16888",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service."
        ],
        "upstream_fix": "net-snmp 5.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18066\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18066"
        ],
        "name": "CVE-2018-18066",
        "mitigation": {
            "value": "Configuring snmp with a secret community string makes this attack much more difficult to perform, as the attacker must guess the community string in order to exploit the vulnerability.\nProtecting the snmp service with host firewall rules to prevent unauthorized hosts from sending messages to the snmp service will prevent this attack being carried out by users of other hosts on the network.\nEither or both of these steps is recommended to prevent potential attackers from gaining extra information about network devices and topology, and from causing undue load to snmp services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2803\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2803"
        ],
        "name": "CVE-2020-2803",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-02T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in grub2. Variable names present are expanded in the supplied command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Canonical) for reporting this issue.",
        "upstream_fix": "grub 2.06",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27749\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27749"
        ],
        "name": "CVE-2020-27749",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-697",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-2388\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-2388"
        ],
        "name": "CVE-2021-2388",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa. NOTE: Someone in the security community disagrees that this is a vulnerability because the issue “is a bug in parsing mount options which can only be specified by a privileged user, so triggering the bug does not grant any powers not already held.”",
            "An out-of-bounds write flaw was found in the Linux kernel. An empty nodelist in mempolicy.c is mishandled during mount option parsing leading to a stack-based out-of-bounds write. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11565\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11565"
        ],
        "name": "CVE-2020-11565",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14797\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14797"
        ],
        "name": "CVE-2020-14797",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u221, 8u212 and 11.0.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2745"
        ],
        "name": "CVE-2019-2745",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.4",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.",
            "A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not include support for netfilter tables API).\nThis issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1573\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1573"
        ],
        "name": "CVE-2015-1573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8816\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8816",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.",
            "A flaw was found in the Linux kernel, where there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer. An attacker who can hotplug at least two devices of this class can cause a use-after-free situation."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19537\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19537"
        ],
        "name": "CVE-2019-19537",
        "mitigation": {
            "value": "Many Character devices can trigger this flaw as they leverage the lower levels of the USB subsystem.\nThe safest method that I have found would be to disable USB ports that are able to be attacked\nusing this method, disable them first by disallowing them from waking up from low-power states \nwith the command (Replace X with the port number available).\necho disabled >> /sys/bus/usb/devices/usbX/power/wakeup \nThe system must also disable the specific port's power after with the command:\necho suspend | sudo tee /sys/bus/usb/devices/usbX/power/level\nThis change does not persist through system reboots and must be applied at each reboot to be effective.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9667\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9667"
        ],
        "name": "CVE-2014-9667",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.",
            "A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4170\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4170"
        ],
        "name": "CVE-2015-4170",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-450",
        "details": [
            "An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5732\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5732\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5732"
        ],
        "name": "CVE-2023-5732",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-252",
        "details": [
            "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn unchecked return value in TLS handshake code could have caused a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0743\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-0743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-0743"
        ],
        "name": "CVE-2024-0743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace",
            "An out-of-bounds (OOB) memory access flaw was found in the Netfilter module in the Linux kernel's nft_byteorder_eval in net/netfilter/nft_byteorder.c. A bound check failure allows a local attacker with CAP_NET_ADMIN access to cause a local privilege escalation issue due to incorrect data alignment."
        ],
        "statement": "Exploiting this flaw will require the CAP_NET_ADMIN access privilege in any user or network namespace.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-35001\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35001\nhttps://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/\nhttps://www.openwall.com/lists/oss-security/2023/07/05/3"
        ],
        "name": "CVE-2023-35001",
        "mitigation": {
            "value": "To mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel netfilter module. \nFor instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nBy monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Satoki Tsuji as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5690\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5690\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5690\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5690"
        ],
        "name": "CVE-2024-5690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox=\"allow-scripts\" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nikita Arykov as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5262\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5262\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-76.html"
        ],
        "name": "CVE-2016-5262",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7189\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7189\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-123.html"
        ],
        "name": "CVE-2015-7189",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2603\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2603"
        ],
        "name": "CVE-2018-2603",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "statement": "Firefox on Red Hat Enterprise Linux is built against the system nss library.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jonas Allmann as the original reporter.",
        "upstream_fix": "nss 3.45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11729\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11729\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729"
        ],
        "name": "CVE-2019-11729",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122->CWE-787",
        "details": [
            "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank ManhND (Tarantula Team) and VinCSS (Vingroup) for reporting this issue.",
        "upstream_fix": "perl 5.30.3, perl 5.28.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10543\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10543"
        ],
        "name": "CVE-2020-10543",
        "mitigation": {
            "value": "To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur while manipulating video elements if the body is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11746\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11746\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746"
        ],
        "name": "CVE-2019-11746",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Christian Holler, Christoph Diehl, Gary Kwong, Jason Kratzer, and Steven Crane as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18501\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18501\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18501"
        ],
        "name": "CVE-2018-18501",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-11-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo."
        ],
        "upstream_fix": "jQuery UI 1.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2012-6662\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6662"
        ],
        "name": "CVE-2012-6662",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
            "A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a libcurl client application via a specially crafted LDAP reply."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Dario Weisser as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000121\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000121\nhttps://curl.haxx.se/docs/adv_2018-97a2.html"
        ],
        "name": "CVE-2018-1000121",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.13, firefox 102.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-37201\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37201\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
        ],
        "name": "CVE-2023-37201",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
            "Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "upstream_fix": "kernel 4.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-0861\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-0861"
        ],
        "name": "CVE-2017-0861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allows L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842.",
            "It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way."
        ],
        "statement": "This issue did not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5313"
        ],
        "name": "CVE-2010-5313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-25T06:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1239",
        "details": [
            "An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
            "A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-20593\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20593\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98\nhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html"
        ],
        "name": "CVE-2023-20593",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.",
            "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information."
        ],
        "statement": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "tomcat 7.0.53, tomcat 6.0.41",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0096\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0096"
        ],
        "name": "CVE-2014-0096",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.",
            "Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10208"
        ],
        "name": "CVE-2016-10208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-10T06:36:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-131",
        "details": [
            "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.",
            "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them."
        ],
        "acknowledgement": "Red Hat would like to thank Kirill Tkhai (Virtuozzo Kernel team) for reporting this issue.",
        "upstream_fix": "Kernel 5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4155\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4155\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=983d8e60f50806f90534cc5373d0ce867e5aaf79"
        ],
        "name": "CVE-2021-4155",
        "mitigation": {
            "value": "This issue can be mitigated by ensuring xfs_alloc_file_space is not called with \"0\" as an argument.\nThis can be done with a SystemTap script  (which resets \"0\" with  XFS_BMAPI_PREALLOC), below are the steps:\n1) Save the following script in a 'CVE-2021-4155.stp' file\n--- On Red Hat Enterprise Linux 6  ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x40;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 6  ---\n--- On Red Hat Enterprise Linux 7 onwards ---\nprobe module(\"xfs\").function(\"xfs_alloc_file_space\") {\nif ($alloc_type == 0)\n$alloc_type = 0x8;# XFS_BMAPI_PREALLOC\n}\n--- On Red Hat Enterprise Linux 7 onwards ---\n2) Install systemtap package and its dependencies\n# yum install -y systemtap systemtap-runtime\n# yum install -y kernel-devel kernel-debuginfo\n3) Build the mitigation kernel module as root.\n# stap -r `uname -r` -m cve_2021_4155.ko -g CVE-2021-4155.stp -p4\n4) Load the mitigation module as root\n# staprun -L cve_2021_4155.ko\nWhat is SystemTap and how to use it?\nhttps://access.redhat.com/solutions/5441",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when listeners are removed from the event listener manager while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11692\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11692\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11692"
        ],
        "name": "CVE-2019-11692",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing \"$((`...`))\".",
            "It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application."
        ],
        "statement": "This issue affects the version of glibc package as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact.\nRed Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata",
        "acknowledgement": "This issue was discovered by Tim Waugh (Red Hat Developer Experience Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7817\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7817"
        ],
        "name": "CVE-2014-7817",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-07-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.",
            "A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "Red Hat Certificate System 10.0 as well as Red Hat Enterprise Linux 8's Identity Management, are using a vulnerable version of Tomcat, bundled into the pki-servlet-engine component. However, there is no entry point for WebSockets, thus it is not possible to trigger the flaw in a supported setup. A future update may fix the code. Similarly, Red Hat OpenStack Platform 13 does not ship with WebSocket functionality enabled by default.",
        "upstream_fix": "tomcat 10.0.0-M7, tomcat 9.0.37, tomcat 8.5.57, tomcat 7.0.105",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13935\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13935\nhttp://mail-archives.apache.org/mod_mbox/tomcat-announce/202007.mbox/%3C39e4200c-6f4e-b85d-fe4b-a9c2bd5fdc3d%40apache.org%3E\nhttp://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M7\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.105\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.37"
        ],
        "name": "CVE-2020-13935",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.",
            "It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates."
        ],
        "acknowledgement": "This issue was discovered by Christina Fu (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7537\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7537"
        ],
        "name": "CVE-2017-7537",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2022-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide \"...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.\" Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.",
            "An out-of-bounds heap read/write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module (vfs_fruit), a remote attacker with the ability to write to a file's extended attributes can trigger an out-of-bounds write and execute arbitrary code with root privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Orange Tsai (DEVCORE) for reporting this issue. Upstream acknowledges the Samba project as the original reporter.",
        "upstream_fix": "samba 4.13.17, samba 4.14.12, samba 4.15.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-44142\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-44142\nhttps://www.samba.org/samba/security/CVE-2021-44142.html"
        ],
        "name": "CVE-2021-44142",
        "mitigation": {
            "value": "As a workaround remove the \"fruit\" VFS module from the list of configured VFS objects in any \"vfs objects\" line in the Samba configuration smb.conf.\nNote that changing the VFS module settings fruit:metadata or fruit:resource to use the unaffected setting causes all stored information to be inaccessible and will make it appear to macOS clients as if the information is lost.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-290|CWE-347)",
        "details": [
            "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15587\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15587"
        ],
        "name": "CVE-2018-15587",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Thomas Imbert as the original reporter.",
        "upstream_fix": "firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6796\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6796\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796"
        ],
        "name": "CVE-2020-6796",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21094\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21094\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21094",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of \"data:\" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges insertscript as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9900\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9900\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9900"
        ],
        "name": "CVE-2016-9900",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-280",
        "details": [
            "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Axel Chong (@Haxatron) as the original reporter.",
        "upstream_fix": "thunderbird 102.14, thunderbird 115.1, firefox 115.1, firefox 102.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4047\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4047\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047"
        ],
        "name": "CVE-2023-4047",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "When loading the shared library that provides the OTR protocol implementation, Thunderbird will initially attempt to open it using a filename that isn't distributed by Thunderbird. If a computer has already been infected with a malicious library of the alternative filename, and the malicious library has been copied to a directory that is contained in the search path for executable libraries, then Thunderbird will load the incorrect library. This vulnerability affects Thunderbird < 78.9.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tuan Vu Pham as the original reporter.",
        "upstream_fix": "thunderbird 78.9.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29949\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29949"
        ],
        "name": "CVE-2021-29949",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28286\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28286\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28286\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286"
        ],
        "name": "CVE-2022-28286",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.",
            "A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads."
        ],
        "statement": "The Xorg server is not configured to run with root privileges in Red Hat Enterprise Linux 8 and 9. Consequently, these versions have been assigned a Moderate severity rating.",
        "upstream_fix": "xorg-server 21.1.12, xwayland 23.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-31080\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-31080"
        ],
        "name": "CVE-2024-31080",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sascha Just as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2814\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2814\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-44.html"
        ],
        "name": "CVE-2016-2814",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-772",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI.",
            "It was discovered that the JNDI component in OpenJDK did not handle DNS resolution errors correctly. An attacker able to trigger such DNS errors could cause a Java application using JNDI to consume memory and CPU time, and possibly block further DNS resolution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4749\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4749\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4749",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.",
            "ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7566\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7566"
        ],
        "name": "CVE-2018-7566",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2724\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2724\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-59.html"
        ],
        "name": "CVE-2015-2724",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-357",
        "details": [
            "A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome.\n*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome.\n*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25743\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25743"
        ],
        "name": "CVE-2023-25743",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-642",
        "details": [
            "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
            "A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7.0 and 7.1 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7.2 and newer and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrew Aday (Columbia University), Fan Wu (The University of Hong Kong), Leilei Lin (Alibaba Group), Shankara Pailoor (Columbia University), and Shixiong Zhao (The University of Hong Kong) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7533\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7533"
        ],
        "name": "CVE-2017-7533",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2800"
        ],
        "name": "CVE-2018-2800",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.",
            "A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P2, bind 9.9.8-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8000\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8000\nhttps://kb.isc.org/article/AA-01317"
        ],
        "name": "CVE-2015-8000",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.",
            "A use-after-free flaw was found in the Linux kernel’s input device driver functionality when unplugging a device. A user with physical access could use this flaw to crash the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19524\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19524"
        ],
        "name": "CVE-2019-19524",
        "mitigation": {
            "value": "To mitigate this issue for the Red Hat Enterprise Linux 7 or higher version, prevent module ff-memless from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-284|CWE-250)",
        "details": [
            "The virConnectGetDomainCapabilities() libvirt API, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",
            "The virConnectGetDomainCapabilities() libvirt API accepts an \"emulatorbin\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "This issue was discovered by Jan Tomko (Red Hat).",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10167\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10167\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10167",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'."
        ],
        "upstream_fix": "cloud-init 19.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-0816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0816\nhttps://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm"
        ],
        "name": "CVE-2019-0816",
        "mitigation": {
            "value": "See steps from https://support.microsoft.com/en-us/help/4491476/extraneous-ssh-public-keys-added-to-authorized-keys-file-on-linux-vm",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.",
            "A flaw was found in the Linux kernel. The crypto_report function mishandles resource cleanup on error. A local attacker able to induce the error conditions could use this flaw to crash the system. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This issue is rated as having Low impact because of the preconditions needed to trigger the error cleanup code path.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19062\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19062"
        ],
        "name": "CVE-2019-19062",
        "mitigation": {
            "value": "In order to mitigate this issue it is possible to prevent the affected code from being loaded by blacklisting the kernel module crypto_user. For instructions relating to how to blacklist a kernel module refer to: https://access.redhat.com/solutions/41278 .",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-21T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.",
            "A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10132\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10132\nhttps://security.libvirt.org/2019/0003.html"
        ],
        "name": "CVE-2019-10132",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5435\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5435\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5435"
        ],
        "name": "CVE-2017-5435",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3606\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3606\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3606",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.",
            "A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4495\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4495\nhttps://access.redhat.com/articles/1563163\nhttps://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-78.html"
        ],
        "csaw": true,
        "name": "CVE-2015-4495"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call.",
            "A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the kernel packages as shipped with\nRed Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5828"
        ],
        "name": "CVE-2016-5828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash. Versions before 8.27.0 are vulnerable.",
            "A denial of service vulnerability was found in rsyslog in the imptcp module. An attacker could send a specially crafted message to the imptcp socket, which would cause rsyslog to crash."
        ],
        "acknowledgement": "Red Hat would like to thank Joel Miller (Pennsylvania Higher Education Assistance Agency) for reporting this issue.",
        "upstream_fix": "rsyslog 8.27.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16881\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16881"
        ],
        "name": "CVE-2018-16881",
        "mitigation": {
            "value": "This vulnerability requires the \"imptcp\" module to be enabled, and listening on a port that can potentially be reached by attackers. This module is not enabled by default in Red Hat Enterprise Linux 7. To check if imptcp is enabled, look for the string `$InputPTCPServerRun` in your rsyslog configuration.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a reachable abort in Object.h, which will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19058\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19058"
        ],
        "name": "CVE-2018-19058",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.",
            "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent."
        ],
        "statement": "This issue is marked as Important as we successfully identified that it can do a Remote Code Execution at least in some circumstances in Red Hat Enterprise Linux 6, 7, 8 and 9 and it can easily compromise the confidentiality, integrity or availability of resources.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-38408\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-38408\nhttps://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt"
        ],
        "name": "CVE-2023-38408",
        "mitigation": {
            "value": "Remote exploitation required that a user establishes an SSH connection to a compromised or malicious SSH server with agent forwarding enabled.  The agent forwarding is disabled by default.  Review your ssh client configuration files for the use of ForwardAgent configuration directive and invocations of ssh client for the use of -A command line argument to see if agent forwarding is enabled for specific connections.\nExploitation can also be prevented by starting ssh-agent(1) with an empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that contains only specific provider libraries.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-476)",
        "details": [
            "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.",
            "The assoc_array_insert_into_terminal_node() function in 'lib/assoc_array.c' in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7914\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7914"
        ],
        "name": "CVE-2016-7914",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22825\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22825\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.\n*This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.\n*This bug only affects Firefox on X11. Other systems are unaffected.*"
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges turistu as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6208\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6208\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208"
        ],
        "name": "CVE-2023-6208",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-1285|CWE-129|CWE-786|CWE-823)",
        "details": [
            "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
            "A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump."
        ],
        "upstream_fix": "squid 6.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-46724\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46724\nhttp://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\nhttps://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
        ],
        "name": "CVE-2023-46724",
        "mitigation": {
            "value": "Disable the use of SSL-Bump features:\n- Remove all ssl-bump options from http_port and https_port\n- Remove all ssl_bump directives from squid.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.",
            "A flaw was discovered in python-pillow does where it does not properly restrict operations within the bounds of a memory buffer when decoding PCX images. An application that uses python-pillow to decode untrusted images may be vulnerable to this flaw, which can allow an attacker to crash the application or potentially execute code on the system."
        ],
        "upstream_fix": "python-pillow 6.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5312\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5312"
        ],
        "name": "CVE-2020-5312",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy.",
            "A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\\n and \\t' etc. Non-conformant parsing leads to a desync if requests pass through multiple HTTP parsers. This flaw allows a remote attacker to perform an HTTP request smuggling attack."
        ],
        "statement": "Red Hat Enterprise Linux 6 was affected but Out of Support Cycle because python-twisted was not listed in Red Hat Enterprise Linux 6 ELS Inclusion List.\nhttps://access.redhat.com/articles/4997301",
        "upstream_fix": "twisted 22.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-24801\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24801\nhttps://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq"
        ],
        "name": "CVE-2022-24801",
        "mitigation": {
            "value": "Filter malformed requests like '+ or -' in Content-Length header, Illegal characters like LF(\\n) and HTAB(\\t), and 0x prefixes in HTTP Headers.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-99",
        "details": [
            "When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice."
        ],
        "upstream_fix": "tomcat 9.0.12, tomcat 8.5.34, tomcat 7.0.91",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11784\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11784\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.91\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.12"
        ],
        "name": "CVE-2018-11784",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.",
            "A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9421\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9421\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-9421",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-838",
        "details": [
            "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
            "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor."
        ],
        "statement": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
        "upstream_fix": "expat 2.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-25235\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25235\nhttps://blog.hartwork.org/posts/expat-2-4-5-released/"
        ],
        "name": "CVE-2022-25235",
        "mitigation": {
            "value": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Oliver Wagner as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7787\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7787\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7787"
        ],
        "name": "CVE-2017-7787",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-13T07:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.",
            "A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user."
        ],
        "statement": "Gnome uses the ibus input framework only when the user explicitly configures it or when some input method sources are in use, like Korean from the ibus-hangul package or Chinese input methods from the ibus-libpinyin. Input methods like en-US are not handled by ibus, thus if the victim user just use them the attacker will not be able to intercept the key strokes of that user.",
        "acknowledgement": "Red Hat would like to thank Simon McVittie (Collabora Ltd.) for reporting this issue.",
        "upstream_fix": "ibus 1.5.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14822\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14822"
        ],
        "name": "CVE-2019-14822",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.",
            "A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8559"
        ],
        "name": "CVE-2014-8559",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service."
        ],
        "statement": "This issue was addressed via upstream nss-3.44, which is already shipped with Red Hat Enterprise Linux 6, 7 and 8.",
        "upstream_fix": "nss 3.44",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17007\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17007"
        ],
        "name": "CVE-2019-17007",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11691\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11691\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-11691"
        ],
        "name": "CVE-2019-11691",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL."
        ],
        "upstream_fix": "mod_auth_mellon 0.15.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13038\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13038"
        ],
        "name": "CVE-2019-13038",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-435",
        "details": [
            "arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.",
            "A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this flaw.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5157\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5157"
        ],
        "name": "CVE-2015-5157",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7642\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7642"
        ],
        "name": "CVE-2018-7642",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.",
            "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases."
        ],
        "statement": "The described vulnerability in less poses an Important security risk due to its potential for arbitrary OS command execution. Exploitation of this vulnerability allows an attacker to inject malicious commands through specially crafted filenames containing newline characters. This could lead to unauthorized access, data exfiltration, or even full system compromise, depending on the privileges of the user executing the less command. Furthermore, the mishandling of the LESSOPEN environment variable exacerbates the issue, as it can be set by default in many installations, providing an additional vector for exploitation.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-32487\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-32487\nhttps://www.openwall.com/lists/oss-security/2024/04/12/5\nhttps://www.openwall.com/lists/oss-security/2024/04/13/2"
        ],
        "name": "CVE-2024-32487",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.",
            "The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8970\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8970"
        ],
        "name": "CVE-2015-8970",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5276\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5276\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5276",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8584\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8584\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8584",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "dDecrypted S/MIME parts hidden with CSS or the plaintext HTML tag can leak plaintext when included in a HTML reply/forward. This vulnerability affects Thunderbird < 52.9."
        ],
        "upstream_fix": "thunderbird 52.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12373\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12373"
        ],
        "name": "CVE-2018-12373",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4903\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4903\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4903",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding attack. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gabriel Corona as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26961\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26961\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961"
        ],
        "name": "CVE-2020-26961",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NULL bytes and cause a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "firefox 115.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5171\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5171"
        ],
        "name": "CVE-2023-5171",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank Andrew McCreight, Randell Jesup, and the Mozilla project for reporting this issue. Upstream acknowledges the Mozilla Fuzzing Team as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4584\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4584\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584"
        ],
        "name": "CVE-2023-4584",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.",
            "An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur.  A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is not currently planned to be addressed in future updates.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8374\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8374"
        ],
        "name": "CVE-2015-8374",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.",
            "A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash."
        ],
        "upstream_fix": "bind 9.10.1-P1, bind 9.9.6-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8500\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8500\nhttps://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html"
        ],
        "name": "CVE-2014-8500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.",
            "An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.2i, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2182\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2182\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2182",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges jomo as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2828\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2828\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-56.html"
        ],
        "name": "CVE-2016-2828",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow.",
            "A buffer overflow flaw was found in the way PostgreSQL handled certain numeric formatting. An authenticated database user could use a specially crafted timestamp formatting template to cause PostgreSQL to crash or, under certain conditions, execute arbitrary code with the permissions of the user running PostgreSQL."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue.",
        "upstream_fix": "postgresql 9.2.10, postgresql 9.1.15, postgresql 9.3.6, postgresql 9.0.19, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0241\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2015-0241",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "An improper implementation of the new iframe sandbox keyword <code>allow-top-navigation-by-user-activation</code> could lead to script execution without <code>allow-scripts</code> being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation."
        ],
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29911\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29911"
        ],
        "name": "CVE-2022-29911",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the \"lp\" user."
        ],
        "upstream_fix": "cups-filters 1.0.71",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3279\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3279"
        ],
        "name": "CVE-2015-3279",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-10-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter (Geeknik Labs) as the original reporter.",
        "upstream_fix": "curl 7.62.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16842\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16842\nhttps://curl.haxx.se/docs/CVE-2018-16842.html"
        ],
        "name": "CVE-2018-16842",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.",
            "A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used."
        ],
        "statement": "The Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6816\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6816"
        ],
        "name": "CVE-2023-6816",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-179",
        "details": [
            "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
            "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor."
        ],
        "statement": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
        "upstream_fix": "expat 2.4.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-25236\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25236\nhttps://blog.hartwork.org/posts/expat-2-4-5-released/"
        ],
        "name": "CVE-2022-25236",
        "mitigation": {
            "value": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",
            "A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Dave Feldman (Oracle), Jeff Warren (Oracle), and Joel Cunningham (Oracle) as the original reporters.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8622\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8622\nhttps://kb.isc.org/docs/cve-2020-8622"
        ],
        "name": "CVE-2020-8622",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.",
            "A flaw was found in the way Linux kernel KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest."
        ],
        "acknowledgement": "Red Hat would like to thank Andy Lutomirski and Mika Penttilä for reporting this issue.",
        "upstream_fix": "kernel 4.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10853\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10853"
        ],
        "name": "CVE-2018-10853",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.",
            "It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate."
        ],
        "upstream_fix": "curl 7.50.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5419\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5419\nhttps://curl.haxx.se/docs/adv_20160803A.html"
        ],
        "name": "CVE-2016-5419",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8622\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8622\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8622",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. The issue occurs because the handler for the XIChangeProperty request has a length-validation issue, resulting in out-of-bounds memory reads and potential information disclosure. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with a Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46344\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46344"
        ],
        "name": "CVE-2022-46344",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.",
            "A flaw was found in the Linux kernel. The Marvell mwifiex driver allows a remote WiFi access point to trigger a heap-based memory buffer overflow due to an incorrect memcpy operation. The highest threat from this vulnerability is to data integrity and system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12654"
        ],
        "name": "CVE-2020-12654",
        "mitigation": {
            "value": "In order to mitigate this issue, it is possible to prevent the affected code from being loaded by blacklisting the kernel module mwifiex. For instructions relating to how to blacklist a kernel module, refer to: https://access.redhat.com/solutions/41278",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-200",
        "details": [
            "libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface.",
            "It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file."
        ],
        "acknowledgement": "This issue was discovered by Luyao Huang (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0236\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0236\nhttp://security.libvirt.org/2015/0001.html"
        ],
        "name": "CVE-2015-0236",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71.",
            "A heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well."
        ],
        "statement": "Firefox and Thunderbird on Red Hat Enterprise Linux are built against the system nss library.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue.",
        "upstream_fix": "nss 3.47.1, nss 3.44.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11745\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11745\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44.3_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47.1_release_notes"
        ],
        "name": "CVE-2019-11745",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-02-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted Netlogon packets that use the ServerPasswordSet RPC API, as demonstrated by packets reaching the _netr_ServerPasswordSet function in rpc_server/netlogon/srv_netlog_nt.c.",
            "An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user)."
        ],
        "statement": "This issue does not affect the version of samba package as shipped with Red Hat Enterprise Linux 4 and 5. It does affect the version of samba as shipped with Red Hat Enterprise Linux 6 and 7, as well as the version of samba3x shipped with Red Hat Enterprise Linux 5 and the version of samba4 as shipped with Red Hat Enterprise Linux 6.\nRed Hat Product Security has determined that this vulnerability has Important impact on Red Hat Enterprise Linux 7 because the Samba version shipped in this version of the operating system only executes the vulnerable code after a memory allocation failure, making it more difficult to exploit this flaw.",
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Richard van Eeden (Microsoft Vulnerability Research) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0240\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0240\nhttps://access.redhat.com/articles/1346913\nhttps://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/\nhttps://www.samba.org/samba/security/CVE-2015-0240"
        ],
        "csaw": true,
        "name": "CVE-2015-0240",
        "mitigation": {
            "value": "On Samba versions 4.0.0 and above, add the line:\nrpc_server:netlogon=disabled\nto the [global] section of your smb.conf. For Samba versions 3.6.x and\nearlier, this workaround is not available.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.",
            "A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process."
        ],
        "upstream_fix": "squid 3.5.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4555\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4555\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4555",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",
            "A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3331\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3331"
        ],
        "name": "CVE-2015-3331",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
            "Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3646\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3646\nhttps://access.redhat.com/articles/3562741\nhttps://access.redhat.com/security/vulnerabilities/L1TF\nhttps://foreshadowattack.eu/\nhttps://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault\nhttps://www.redhat.com/en/blog/deeper-look-l1-terminal-fault-aka-foreshadow\nhttps://www.redhat.com/en/blog/understanding-l1-terminal-fault-aka-foreshadow-what-you-need-know"
        ],
        "csaw": true,
        "name": "CVE-2018-3646"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote attackers to execute arbitrary commands via unspecified vectors.",
            "It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5239\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5239"
        ],
        "name": "CVE-2016-5239",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 13, Safari 13. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8674\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8674\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8674",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-356",
        "details": [
            "Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird < 68.1 and Thunderbird < 60.9."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Damian Poddebniak, Jens Müller, Jörg Schwenk, Marcus Brinkmann, and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "thunderbird 60.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11739\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11739\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11739"
        ],
        "name": "CVE-2019-11739",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5434\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5434\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5434"
        ],
        "name": "CVE-2017-5434",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.",
            "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD utilizes too broad of a set of permissions. Any user who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user."
        ],
        "statement": "Red Hat Satellite since version 6.4 uses sssd from the Red Hat Enterprise Linux repositories, where this vulnerability is fixed.",
        "acknowledgement": "This issue was discovered by Jakub Hrozek (Red Hat).",
        "upstream_fix": "SSSD 1.16.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10852\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10852\nhttps://pagure.io/SSSD/sssd/issue/3766"
        ],
        "name": "CVE-2018-10852",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2659"
        ],
        "name": "CVE-2020-2659",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "If right-to-left text is used in the addressbar with left-to-right alignment, it is possible in some circumstances to scroll this text to spoof the displayed URL. This issue could result in the wrong URL being displayed as a location, which can mislead users to believe they are on a different site than the one loaded. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Xisigr as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5117\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5117\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117"
        ],
        "name": "CVE-2018-5117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the \"gap\" between the stack and the binary.",
            "A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 prior to kernel version 3.10.0-693, that is Red Hat Enterprise Linux 7.4 GA kernel version. Kernel versions after 3.10.0-693 contain the fix and are thus not vulnerable.\nThis issue affects the Linux kernel-rt packages prior to the kernel version 3.10.0-693.rt56.617 (Red Hat Enteprise Linux for Realtime) and 3.10.0-693.2.1.rt56.585.el6rt (Red Hat Enterprise MRG 2). The latest Linux kernel-rt packages as shipped with Red Hat Enterprise Linux for Realtime and Red Hat Enterprise MRG 2 are not vulnerable.\nFuture Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000253\nhttps://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000253",
        "mitigation": {
            "value": "By setting vm.legacy_va_layout to 1 we can effectively disable the exploitation of this issue by switching to the legacy mmap layout. The mmap allocations start much lower in the process address space and follow the bottom-up allocation model. As such, the initial PIE executable mapping is far from the reserved stack area and cannot interfere with the stack.\n64-bit processes on Red Hat Enterprise Linux 5 are forced to use the legacy virtual address space layout regardless of the vm.legacy_va_layout value.\nNote: Applications that have demands for a large linear address space (such as certain databases) may be unable to handle the legacy memory layout proposed using this mitigation. We recommend to test your systems and applications before deploying this mitigation on production systems.\nEdit the /etc/sysctl.conf file as root, and add or amend:\nvm.legacy_va_layout = 1\nTo apply this setting, run the /sbin/sysctl -p command as the root user to reload the settings from /etc/sysctl.conf.\nVerify that vm.legacy_va_layout is now set to defined value:\n$ /sbin/sysctl vm.legacy_va_layout\nvm.legacy_va_layout = 1",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8898\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8898\nhttp://seclists.org/oss-sec/2016/q2/459\nhttps://github.com/ImageMagick/ImageMagick/pull/34"
        ],
        "name": "CVE-2015-8898",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.",
            "An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Robert Święcki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7826\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7826"
        ],
        "name": "CVE-2014-7826",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667->CWE-416",
        "details": [
            "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
            "A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-29661\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-29661"
        ],
        "name": "CVE-2020-29661",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan (@sourc7) as the original reporter.",
        "upstream_fix": "thunderbird 115.2, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4578\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4578\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578"
        ],
        "name": "CVE-2023-4578",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-754",
        "details": [
            "A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Thomas Rinsma of Codean Labs as the original reporter.",
        "upstream_fix": "firefox 115.11, thunderbird 115.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-4367\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4367\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-22/#CVE-2024-4367\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-23/#CVE-2024-4367"
        ],
        "name": "CVE-2024-4367",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-08-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.",
            "It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 6 and 7 kernels.  This issue was fixed in a version 6 prior to this issue being raised.\nAs this issue is rated as important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3841\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3841"
        ],
        "name": "CVE-2016-3841",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.",
            "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2, as KASLR feature is not present or enabled in these products.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5750\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5750"
        ],
        "name": "CVE-2018-5750",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.",
            "A buffer overflow flaw was discovered in the way HAProxy handled, under very specific conditions, data uploaded from a client. A remote attacker could possibly use this flaw to crash HAProxy."
        ],
        "upstream_fix": "haproxy 1.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6269\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6269"
        ],
        "name": "CVE-2014-6269",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The content security policy (CSP) \"sandbox\" directive did not create a unique origin for the document, causing it to behave as if the \"allow-same-origin\" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jun Kokatsu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7823\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7823\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823"
        ],
        "name": "CVE-2017-7823",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-08-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.",
            "An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3182\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3182"
        ],
        "name": "CVE-2014-3182",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed."
        ],
        "statement": "This issue did not affect the versions of unzip as shipped with Red Hat Enterprise Linux 5 as they did not include support for Zip64.",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8141\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8141\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8141",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10879\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10879"
        ],
        "name": "CVE-2018-10879",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mathias Karlsson as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7807\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7807\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7807"
        ],
        "name": "CVE-2017-7807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35550\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35550"
        ],
        "name": "CVE-2021-35550",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-502->CWE-434",
        "details": [
            "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
            "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-21344\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-21344"
        ],
        "name": "CVE-2021-21344",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80.  However, if a second encrypted port on the same IP address (e.g. Port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38507\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38507"
        ],
        "name": "CVE-2021-38507",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the SProcRenderCompositeGlyphs function due to improper validation of the request length."
        ],
        "statement": "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise linux 8.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue. Upstream acknowledges the Xorg project as the original reporter.",
        "upstream_fix": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4008\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4008\nhttps://lists.x.org/archives/xorg-announce/2021-December/003122.html\nhttps://lists.x.org/archives/xorg-announce/2021-December/003124.html"
        ],
        "name": "CVE-2021-4008",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-10-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.",
            "A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2 kernels. Future kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7613\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7613"
        ],
        "name": "CVE-2015-7613",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-10T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Carl Waldspurger (Carl Waldspurger Consulting) and Vladimir Kiriansky (MIT) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3693\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3693\nhttps://01.org/security/advisories/intel-oss-10002\nhttps://access.redhat.com/solutions/3523601\nhttps://people.csail.mit.edu/vlk/spectre11.pdf\nhttps://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-bounds-Check-bypass-vulnerabilities.pdf"
        ],
        "csaw": true,
        "name": "CVE-2018-3693"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.",
            "A flaw was found in bind. Updates to  \"Update-policy\" rules of type \"subdomain\" are treated as if they were of type \"zonesub\" which allows updates to all parts of the zone along with the intended subdomain. The highest threat from this vulnerability is to data integrity."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Joop Boonen (credativ GmbH) as the original reporter.",
        "upstream_fix": "bind 9.11.22, bind 9.16.6, bind 9.17.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8624\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8624\nhttps://kb.isc.org/docs/cve-2020-8624"
        ],
        "name": "CVE-2020-8624",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.8",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.",
            "It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8136\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8136"
        ],
        "name": "CVE-2014-8136",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename."
        ],
        "statement": "The \"FilesMatch\" directive is not enabled in the default httpd configuration as shipped with Red Hat Enterprise Linux, and needs to be explicitly enabled. Therefore this flaw has no impact on the default versions of the httpd package as shipped with Red Hat Enterprise Linux.\nRed Hat Satellite 6 uses Red Hat Enterprise Linux 7's httpd package, and enables the \"FilesMatch\" directive. However, this is not believed to have an impact on security, as, in the context of a Satellite, no one is expected to have the ability to modify file names in the concerned directories. This is not considered as a vector for attack.",
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15715\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15715\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-15715",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4521\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4521\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4521",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.",
            "It was found that samba did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.6.8, samba 4.7.0, samba 4.4.16, samba 4.5.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12150\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12150\nhttps://www.samba.org/samba/security/CVE-2017-12150.html"
        ],
        "name": "CVE-2017-12150",
        "mitigation": {
            "value": "The missing implied signing for 'smb2mount -e', 'smbcacls -e' and 'smbcquotas -e' can be enforced by explicitly using '--signing=required' on the commandline or \"client signing = required\" in smb.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.",
            "A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue."
        ],
        "statement": "This flaw is rated as Important because of its nature of exposure to the threat of impacting Confidentiality, Integrity and Availability by an attacker while being in an adjacent physical layer with no privilege required.",
        "upstream_fix": "Kernel 6.6-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-45871\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-45871\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f"
        ],
        "name": "CVE-2023-45871",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).",
            "A flaw was found in the way Linux kernel's Dynamic Logical Partitioning (DLPAR) functionality on PowerPC systems handled low memory conditions on device discovery. An attacker who can change the LPAR configuration and incur low memory conditions at the same time could use this flaw to crash the system."
        ],
        "statement": "An attacker needs to be highly privileged to exploit this issue. He either needs to trigger LPAR configuration change (or wait for such event to happen) and incur low memory conditions at the same time. It could be argued that possessing privileges required to exploit this issue could have the same impact as the issue itself.\nThe indications say that this issue was found by static code analysing tool which looks for memory allocations without failure checks and not actually reproduced on a running system. The CVE assignment also looks automated and following the \"better be safe than sorry\" approach.\nAs such, this issue is theoretical in nature and Low impact at best.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12614\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12614"
        ],
        "name": "CVE-2019-12614",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7199\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7199\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-131.html"
        ],
        "name": "CVE-2015-7199",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-129",
        "details": [
            "LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.",
            "It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file."
        ],
        "upstream_fix": "openoffice 4.1.2, libreoffice 4.4.6, libreoffice 5.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5214\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5214\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/\nhttp://www.openoffice.org/security/cves/CVE-2015-5214.html"
        ],
        "name": "CVE-2015-5214",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mei Wang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5280\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5280\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5280",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "Given a compromised sandboxed content process due to a separate vulnerability, it is possible to escape that sandbox by loading accounts.firefox.com in that process and forcing a log-in to a malicious Firefox Sync account. Preference settings that disable the sandbox are then synchronized to the local machine and the compromised browser would restart without the sandbox if a crash is triggered. This vulnerability affects Firefox ESR < 60.9, Firefox ESR < 68.1, and Firefox < 69."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark via TrendMicro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9812\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9812\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-9812"
        ],
        "name": "CVE-2019-9812",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5464\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5464\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5464"
        ],
        "name": "CVE-2017-5464",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4509\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4509\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-106/"
        ],
        "name": "CVE-2015-4509",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.",
            "A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue."
        ],
        "statement": "The latest kernel in RHCOS is kernel-4.18.0-305.49.1.el8 which does not contain the vulnerable code and is not affected, also OCP v4.9 or earlier are not affected.",
        "upstream_fix": "kernel 5.19 rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-32250\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-32250\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd\nhttps://www.openwall.com/lists/oss-security/2022/05/31/1"
        ],
        "name": "CVE-2022-32250",
        "mitigation": {
            "value": "In order to trigger the issue, it requires the ability to create user/net namespaces.\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.",
            "An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an authenticated user to enable escalation of privilege via local access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38076\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38076\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-38076",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.",
            "A flaw was found in hw. The speculative execution window of AMD LFENCE/JMP mitigation (MITIGATION V2-2) may be large enough to be exploited on AMD CPUs."
        ],
        "acknowledgement": "Red Hat would like to thank AMD for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-26401\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26401\nhttps://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1036"
        ],
        "name": "CVE-2021-26401",
        "mitigation": {
            "value": "AMD recommends mitigation that uses generic retpoline.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE.",
            "It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures."
        ],
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0478\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA\nhttps://people.redhat.com/~fweimer/rsa-crt-leaks.pdf\nhttps://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/"
        ],
        "name": "CVE-2015-0478",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths."
        ],
        "upstream_fix": "poppler 0.77.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12293\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12293"
        ],
        "name": "CVE-2019-12293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7752\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7752\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752"
        ],
        "name": "CVE-2017-7752",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data."
        ],
        "upstream_fix": "libexif 0.6.22",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13114\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13114"
        ],
        "name": "CVE-2020-13114",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-11-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.2",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.",
            "It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #DB (debug exception) is handled. A privileged user inside a guest could use this flaw to create denial of service conditions on the host kernel."
        ],
        "statement": "This issue affects the version of the kvm & xen packages as shipped with Red Hat Enterprise Linux 5.\nThis issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and 7. Future kernel updates for the respective releases may address this issue.\nRed Hat Enterprise Linux 5 is now in Production Phase 3 of the support and\nmaintenance life cycle. Thus it is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8104\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8104"
        ],
        "name": "CVE-2015-8104",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "When packets with a mismatched RTP payload type are sent in WebRTC connections, in some circumstances a potentially exploitable crash is triggered. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tony Paloma as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5130\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-07/#CVE-2018-5130"
        ],
        "name": "CVE-2018-5130",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.",
            "A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space."
        ],
        "upstream_fix": "kernel 4.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8781\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8781"
        ],
        "name": "CVE-2018-8781",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",
            "A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and potentially affecting network connections and the management of files such as log files or zone journal files."
        ],
        "statement": "The patch for CVE-2018-5743 introduced a change in the way bind calculated the number of concurrent connections, from counting the outstanding TCP queries to counting the TCP client connections. However this functionality was not correctly implemented, a attacker could use a single TCP connection to send large number of DNS requests causing denial of service. As per upstream the fix does not help in a situation where a TCP-pipelining client is sending queries at an excessive rate, allowing a backlog of outstanding queries to build up. More details about this is available in the upstream advisory.\nThis bind flaw can be exploited by a remote attacker (AV:N) by opening large number of  simultaneous TCP client connections with the server. The attacker needs to use a server which has TCP-pipelining capability to use one TCP connection to send large number of requests. (AC:L and PR:N) No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. (S:U)",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.15.6, bind 9.11.13, bind 9.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6477\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6477\nhttps://kb.isc.org/docs/cve-2019-6477"
        ],
        "name": "CVE-2019-6477",
        "mitigation": {
            "value": "The vulnerability can be mitigated by disabling server TCP-pipelining:\n~~~\nkeep-response-order { any; };\n~~~\nand then restarting BIND. The server restart is necessary because neither a 'reload' nor a 'reconfig' operation will properly reset currently pipelining TCP clients.\nDisabling TCP-pipelining entirely is completely effective at mitigating the vulnerability with minimal impact to clients that use pipelined TCP connections and with no impact to clients that do not support TCP-pipelining. The majority of Internet client DNS queries are transported over UDP or TCP without use of TCP-pipelining.\nNote: This mitigation will only work with bind-9.11 and above.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8241"
        ],
        "name": "CVE-2015-8241",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.",
            "An out-of-bounds write flaw was found in the Linux kernel’s HID drivers. An attacker, able to plug in a malicious USB device, can crash the system or read and write to memory with an incorrect address."
        ],
        "statement": "This issue was rated as having Moderate impact because of the need of physical access to trigger it.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19532\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19532"
        ],
        "name": "CVE-2019-19532",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10355\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10355"
        ],
        "name": "CVE-2017-10355",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-25T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-787)->CWE-20",
        "details": [
            "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4034\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4034\nhttps://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
        ],
        "name": "CVE-2021-4034",
        "mitigation": {
            "value": "For customers who cannot update immediately and doesn't have Secure Boot feature enabled, the issue can be mitigated by executing the following steps:\n1)    Install required systemtap packages and dependencies as per - pointed by https://access.redhat.com/solutions/5441\n2)    Install polkit debug info:\n~~~\ndebuginfo-install polkit\n~~~\n3)    Create the following systemtap script, and name it pkexec-block.stp:\n~~~\nprobe process(\"/usr/bin/pkexec\").function(\"main\")  {\nif (cmdline_arg(1) == \"\")\nraise(9);\n}\n~~~\n4) Load the systemtap module into the running kernel:\n~~~\nstap -g -F -m stap_pkexec_block pkexec_block.stp\n~~~\n5) Ensure the module is loaded:\n~~~\nlsmod | grep -i stap_pkexec_block\nstap_pkexec_block     434176  0\n~~~\n6) Once polkit package was updated to the version containing the fix, the systemtap generated kernel module can be removed by running:\n~~~\nrmmod stap_pkexec_block\n~~~\nThis mitigation doesn't work for Secure Boot enabled system as SystemTap would require an external compiling server to be able to sign the generated kernel module\nwith a key enrolled into the Kernel's keyring.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andre Weissflog and Omair as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7824\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7824\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824"
        ],
        "name": "CVE-2017-7824",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file that triggers an xkb_intern_atom failure."
        ],
        "upstream_fix": "libxkbcommon 0.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15861\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15861"
        ],
        "name": "CVE-2018-15861",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.",
            "A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time."
        ],
        "acknowledgement": "Red Hat would like to thank Daniel Berteaud (FIREWALL-SERVICES SARL) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0244\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0244\nhttp://www.samba.org/samba/security/CVE-2014-0244"
        ],
        "name": "CVE-2014-0244",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.",
            "A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching."
        ],
        "statement": "This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as only httpd version 2.4.6 included the vulnerable code.",
        "upstream_fix": "httpd 2.4.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4352\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4352\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2013-4352",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
            "A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service."
        ],
        "statement": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-49285\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49285"
        ],
        "name": "CVE-2023-49285",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.",
            "An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-9383\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9383"
        ],
        "name": "CVE-2020-9383",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected floppy driver module onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.",
            "A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions."
        ],
        "statement": "The Apache Portable Runtime Utility (APR-util) library contains additional utility interfaces for APR (Apache Portable Runtime). \nThis vulnerability is related to the incorrect usage of the base64 encoding/decoding family of functions through APR-util API.\nUsage of these functions with long enough string would cause integer overflow and will lead to out-of-bound write.\nThis flaw was rated with an important severity for a moment as Red Hat received information that this vulnerability potentially can allow remote attackers to cause a denial of service to the application linked to the APR-util library. Deep analysis confirmed that there are no known conditions that could lead to DoS. \nAdditionally the APR-util API should not be exposed to the untrusted uploads and usage.",
        "upstream_fix": "apr-util 1.6.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-25147\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25147"
        ],
        "name": "CVE-2022-25147",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.",
            "The Linux kernel is vulnerable to a memory leak in the drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() function. An attacker could exploit this to cause a potential denial of service."
        ],
        "upstream_fix": "kernel 4.16-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8087\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8087"
        ],
        "name": "CVE-2018-8087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2769\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2769"
        ],
        "name": "CVE-2019-2769",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.",
            "A vulnerability was discovered in SPICE where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts."
        ],
        "acknowledgement": "This issue was discovered by Frediano Ziglio (Red Hat).",
        "upstream_fix": "spice-gtk 0.36, spice 0.14.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10873\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10873"
        ],
        "name": "CVE-2018-10873",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file."
        ],
        "upstream_fix": "libxkbcommon 0.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15857\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15857"
        ],
        "name": "CVE-2018-15857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-138",
        "details": [
            "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell."
        ],
        "statement": "The impact of this flaw is set to Moderate, as a restricted shell should not be used as a security feature alone: it is very hard to configure properly and several bypasses exist for it.\nThis issue did not affect the versions of bash as shipped with Red Hat Enterprise Linux 5 as they did not include support for the BASH_CMDS environment variable.\nRed Hat Virtualization Hypervisor and Management Appliance were affected by this issue, but do not use the restricted bash shell in a way that would be exposed to attackers. Future updates may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9924\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9924"
        ],
        "name": "CVE-2019-9924",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 115.1, thunderbird 102.14, firefox 115.1, firefox 102.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4048\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4048\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048"
        ],
        "name": "CVE-2023-4048",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4522\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4522\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4522",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139.",
            "A flaw was found in the way the Linux kernel's networking subsystem handled the write queue between TCP disconnection and re-connections. A local attacker could use this flaw to trigger multiple use-after-free conditions potentially escalating their privileges on the system."
        ],
        "statement": "This issue affected Red Hat Enterprise Linux 7 starting with kernel version kernel-3.10.0-1053.el7. The first publicly available affected kernel version is kernel-3.10.0-1062.el7 released via https://access.redhat.com/errata/RHSA-2019:2029,  the Red Hat Enterprise Linux 7.7 GA kernel errata release.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15239\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15239"
        ],
        "name": "CVE-2019-15239",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21366\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21366"
        ],
        "name": "CVE-2022-21366",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14046\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14046"
        ],
        "name": "CVE-2018-14046",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).",
            "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function."
        ],
        "upstream_fix": "kernel 4.14.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-18344\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18344"
        ],
        "name": "CVE-2017-18344",
        "mitigation": {
            "value": "Attached to this bugzilla is a systemtap script that will prevent opening (and therefore reading) the /proc/<process>/timers file which is used to leak information.\nThe SystemTap script is relatively small and efficient, broken into 3 distinct sections as follows:\n--------\nprobe kernel.function(\"proc_timers_open@fs/proc/base.c\").return { \n// this is -EACCES\n$return = -13;\nmessage = sprintf(\"CVE-2017-18344 mitigation denied access to %s to %s(%d)\", file_name , execname(), pid());\n// print a warning message at KERN_INFO debug level\nprintk(6, message);\n}\nprobe begin {\nprintk(6, \"Mitigation for CVE-2017-18344 loaded.\\n\");\n}\nprobe end {\nprintk(6, \"Mitigation for CVE-2017-18344 unloaded.\\n\");\n}\n---------\nFirst, the script places a probe at the return of the kernel function “proc_timers_open” when called.   This modifies the return value to be EACCES which would return this value to userspace preventing this file from being opened.  When the /proc/<pid>/timer file is attempted to be opened, a message will be logged to the kernel log subsystem showing the process and pid of the application attempting to access the timer file.  \nThis file is not in widespread use at this time, although some applications may read from it to debug or understand their own timers that are set.  This mitigation will not be useful in this context.\nFinally, the “probe begin” and “probe end” code blocks tell systemtap to add the supplied text to the kernel log buffer via the printk function. This creates an audit trail by registering in the system logs exactly when the mitigation is loaded and unloaded.  This will need to be compiled with guru mode (-g parameter) to compile.\nThis will need to be loaded at each boot to remain effective.  Red Hat Product security recommends updating to a patched kernel when it is available.\nRed Hat always seeks to provide both mitigations to disable attacks as well as the actual patches to treat the flaw. To learn more about SystemTap, and how it can be used in your management of your Red Hat systems, please refer to Using SystemTap[1] or one of our videos about it within our Customer Portal[2].\n1 - https://access.redhat.com/articles/17839\n2 - https://access.redhat.com/search/#/?q=systemtap",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-06-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Coinbase Security and Samuel Groß (Google Project Zero) as the original reporters.",
        "upstream_fix": "Firefox ESR 60.7.1, Firefox 67.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11707\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11707\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707"
        ],
        "name": "CVE-2019-11707",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.",
            "An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7755\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7755"
        ],
        "name": "CVE-2018-7755",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12265\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12265"
        ],
        "name": "CVE-2018-12265",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-290",
        "details": [
            "When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54."
        ],
        "statement": "Red Hat Product Security has rated this issue as having a security impact of Moderate, and a future update may address this flaw.",
        "upstream_fix": "firefox 54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7762\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7762\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-15/"
        ],
        "name": "CVE-2017-7762",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of an attacker that can inject CSS into stylesheets accessible via internal URIs, such as resources. In doing so, they can bypass a page's Content Security Policy."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gertjan as the original reporter.",
        "upstream_fix": "thunderbird 102, thunderbird 91.11, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31744\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744"
        ],
        "name": "CVE-2022-31744",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-212",
        "details": [
            "If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1."
        ],
        "statement": "Upstream decided to not fix this issue in Firefox ESR 60.2 given the low impact.  A future ESR update may correct this flaw.\nThis flaw would impact users who had saved passwords from Firefox 58 or earlier that were not protected by a master password (resulting in an un-encrypted `key3.db`), but set a master password when using Firefox 59 or newer (resulting in an encrypted `key4.db`).  The old key file was kept around to facilitate downgrading to Firefox 58.\nThis flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jurgen Gaeremyn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12383\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12383\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383"
        ],
        "name": "CVE-2018-12383",
        "mitigation": {
            "value": "To mitigate against this flaw, examine user profile directories for the presence of both `key3.db` and `key4.db` files.  If both are present, `key3.db` should be deleted.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-281",
        "details": [
            "If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nika Layzell as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23999\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23999\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999"
        ],
        "name": "CVE-2021-23999",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-05-02T04:30:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.",
            "A use-after-free vulnerability was found in the Netfilter subsystem of the Linux kernel when processing batch requests to update nf_tables configuration. This vulnerability can be abused to perform arbitrary reads and writes in kernel memory. A local user (with CAP_NET_ADMIN capability) could use this flaw to crash the system or potentially escalate their privileges on the system."
        ],
        "statement": "Only local users with the `CAP_NET_ADMIN` capability (or root) can trigger this issue.\nOn Red Hat Enterprise Linux, local unprivileged users can exploit unprivileged user namespaces (CONFIG_USER_NS) to grant themselves this capability.\nThe OpenShift Container Platform (OCP) control planes or master machines are based on Red Hat Enterprise Linux CoreOS (RHCOS), which consists primarily of RHEL components and hence is also affected by this kernel vulnerability. As mentioned earlier, a successful exploit needs the necessary privileges (CAP_NET_ADMIN) and direct, local access. A local user in RHCOS is already root with full permissions, hence the existence of this vulnerability does not bring any value from the potential attacker's perspective. From the OpenShift containers perspective, this vulnerability cannot be exploited, as in OpenShift the cluster processes on the node are namespaced, which means that switching the namespace in a running OpenShift container will not bring the necessary capabilities.\nThis means that for OpenShift, the impact of this vulnerability is Low.\nA vulnerability similar to CVE-2023-32233 has been explained in the following blog post as an example of a \"Container escape vulnerability\":\nhttps://www.redhat.com/en/blog/containers-vulnerability-risk-assessment",
        "acknowledgement": "Red Hat would like to thank Patryk Sondej and Piotr Krysiuk for reporting this issue.",
        "upstream_fix": "kernel 6.4-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-32233\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32233\nhttps://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab\nhttps://www.openwall.com/lists/oss-security/2023/05/08/4"
        ],
        "name": "CVE-2023-32233",
        "mitigation": {
            "value": "1. This flaw can be mitigated by preventing the affected netfilter (nf_tables) kernel module from being loaded. For instructions on how to blacklist a kernel module, please see https://access.redhat.com/solutions/41278.\n2. If the module cannot be disabled, on non-containerized deployments of Red Hat Enterprise Linux, the mitigation is to disable user namespaces:\n```\n# echo \"user.max_user_namespaces=0\" > /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n```\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use the second mitigation (disabling user namespaces), because that functionality needs to remain enabled. The first mitigation (blacklisting nf_tables) is still viable for containerized deployments, provided the environment is not using netfilter.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality, and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22822\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22822\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22822",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developer reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-35113\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35113\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35113"
        ],
        "name": "CVE-2020-35113",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected. This vulnerability affects Thunderbird < 91.8.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a revocation reason, were unaffected."
        ],
        "upstream_fix": "thunderbird 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1197\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1197"
        ],
        "name": "CVE-2022-1197",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-07-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.1, Firefox < 103, and Thunderbird < 102.1.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.1, firefox 102.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2505\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2505\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505"
        ],
        "name": "CVE-2022-2505",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0494\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0494\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0494",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.",
            "A flaw was found in squid. A denial of service attack is possible due to an improper input validation. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-24606\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24606\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
        ],
        "name": "CVE-2020-24606",
        "mitigation": {
            "value": "Add the no-digest option to all cache_peer lines in squid.conf",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-02-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record."
        ],
        "upstream_fix": "libreoffice 6.0.2.1, libreoffice 5.4.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10120\nhttps://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/"
        ],
        "name": "CVE-2018-10120",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv=\"refresh\" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Lee (Kryptos Logic) as the original reporter.",
        "upstream_fix": "thunderbird 60.2.1, firefox 60.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18499\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18499\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-18499"
        ],
        "name": "CVE-2018-18499",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
            "An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.\nlibssh2 is no longer included in the virt module since Red Hat Enterprise Linux 8.1.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3862\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3862\nhttps://www.libssh2.org/CVE-2019-3862.html"
        ],
        "name": "CVE-2019-3862",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment."
        ],
        "statement": "This issue does not affect the version of openssl as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter.",
        "upstream_fix": "openssl 1.0.0m, openssl 0.9.8za, openssl 1.0.1h",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0195\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0195\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0195",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5104\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5104\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104"
        ],
        "name": "CVE-2018-5104",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10350\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10350"
        ],
        "name": "CVE-2017-10350",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9948\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9948"
        ],
        "name": "CVE-2019-9948",
        "mitigation": {
            "value": "If your application uses a blacklist to prevent \"file://\" schema from being used, consider using a whitelist approach to just allow the schemas you want or add \"local_file://\" schema to your blacklist.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3688\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3688"
        ],
        "name": "CVE-2014-3688",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA use-after-free condition affected TLS socket creation when under memory pressure."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 115.6, thunderbird 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6859\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6859\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859"
        ],
        "name": "CVE-2023-6859",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-456->CWE-617",
        "details": [
            "name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.",
            "A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure."
        ],
        "statement": "This issue did not affect the versions of bind packages as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of bind97 packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Important security impact and is not currently planned to be addressed in future bind97 packages updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "BIND 9.10.2-P2, BIND 9.9.7-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4620\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4620\nhttps://kb.isc.org/article/AA-01267/"
        ],
        "name": "CVE-2015-4620",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges terjanq as the original reporter.",
        "upstream_fix": "thunderbird 68.5, firefox 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6798\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6798\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798"
        ],
        "name": "CVE-2020-6798",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Haik Aftandilian as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5454\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5454\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5454"
        ],
        "name": "CVE-2017-5454",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges firehack as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2821\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2821\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-51.html"
        ],
        "name": "CVE-2016-2821",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDue to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash."
        ],
        "statement": "This vulnerability only affects Firefox on ARM64/aarch64 platforms.  Other architectures are not affected.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Deian Stefan as the original reporter.",
        "upstream_fix": "thunderbird 78, thunderbird 68.10.0, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12417\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12417\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417"
        ],
        "name": "CVE-2020-12417",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-11-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11 Android-8.0. Android ID: A-159625731",
            "A flaw was found in libexif. A possible out of bounds write, due to an integer overflow, could lead to a remote code execution if a third party app used this library to process remote image data. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "libexif 0.6.22.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0452\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0452"
        ],
        "name": "CVE-2020-0452",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server where an out-of-bounds access can occur in the SProcScreenSaverSuspend function."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having Moderate impact.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue. Upstream acknowledges the Xorg project Upstream as the original reporter.",
        "upstream_fix": "xorg-x11-server 1.20.14, xorg-x11-server 21.1.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4010\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4010\nhttps://lists.x.org/archives/xorg-announce/2021-December/003122.html\nhttps://lists.x.org/archives/xorg-announce/2021-December/003124.html"
        ],
        "name": "CVE-2021-4010",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8719\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8719\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8719",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.",
            "An out-of-bounds memory write flaw was found in the Linux kernel’s USB Monitor component. A user with access to /dev/usbmon can trigger it by an incorrect write to the memory of the usbmon. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-43750\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-43750\nhttps://github.com/torvalds/linux/commit/a659daf63d16aa883be42f3f34ff84235c302198"
        ],
        "name": "CVE-2022-43750",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4883\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4883\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.",
            "An out-of-bounds read was discovered in python-pillow in the way it decodes FLI images. An application that uses python-pillow to load untrusted images may be vulnerable to this flaw, which can allow an attacker to read the memory of the application they should not be allowed to read."
        ],
        "upstream_fix": "python-pillow 6.2.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5313\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5313"
        ],
        "name": "CVE-2020-5313",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2654\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2654"
        ],
        "name": "CVE-2020-2654",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-01-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.",
            "A flaw was found in the Sudo application when the 'pwfeedback' option is set to true in the sudoers file. An authenticated user can use this vulnerability to trigger a stack-based buffer overflow under certain conditions even without Sudo privileges. The buffer overflow may allow an attacker to expose or corrupt memory information, crash the Sudo application, or possibly inject code to be run as a root user."
        ],
        "statement": "This flaw can only be exploited if the option `pwfeedback` is enabled in sudo configuration. This option is not enabled by default in any version of Red Hat Enterprise Linux.\nThe sudo packages distributed with Red Hat Enterprise Linux versions are compiled using gcc's stack-protector feature. The \"Stack Smashing Protection\" may help mitigate code execution attacks for this flaw.\nRed Hat Enterprise Linux 5 is not affected as it doesn't include the commit which introduced the vulnerability.",
        "upstream_fix": "sudo 1.8.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-18634\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-18634\nhttps://www.sudo.ws/alerts/pwfeedback.html"
        ],
        "name": "CVE-2019-18634",
        "mitigation": {
            "value": "Please follow the steps bellow as mitigation:\n1. Check the default properties set for sudo by running:\n~~~\n$ sudo -l\n[sudo] password for user:\nMatching Defaults entries for users on localhost:\n!visiblepw, pwfeedback, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep=\"COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS\",\nenv_keep+=\"MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE\", env_keep+=\"LC_COLLATE LC_IDENTIFICATION\nLC_MEASUREMENT LC_MESSAGES\", env_keep+=\"LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE\", env_keep+=\"LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY\", secure_path=/sbin\\:/bin\\:/usr/sbin\\:/usr/bin\n~~~\n2. If `pwfeedback` is enabled as shown above, edit your `/etc/sudoers` file, changing the line:\n~~~\nDefaults pwfeedback\n~~~\nTo:\n~~~\nDefaults !pwfeedback\n~~~\nThis will disable visual feedback on password typing, making sure the attack is not possible anymore.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.",
            "It was found that the krb5_read_message() function of MIT Kerberos did not correctly sanitize input, and could create invalid krb5_data objects. A remote, unauthenticated attacker could use this flaw to crash a Kerberos child process via a specially crafted request."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5355\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5355"
        ],
        "name": "CVE-2014-5355",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-06-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow",
            "A heap overflow flaw was found In Apache httpd mod_session. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw can result in a crash of the httpd child process when mod_session is used.",
        "acknowledgement": "Red Hat would like to thank Christophe Jaillet and the Apache project for reporting this issue.",
        "upstream_fix": "httpd 2.4.47",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-26691\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-26691\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2021-26691",
        "mitigation": {
            "value": "Only configurations which use the \"SessionEnv\" directive (which is not widely used) are vulnerable to this flaw. SessionEnv is not enabled in default configuration of httpd package shipped with Red Hat Products.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Some HTML elements, such as &lt;title&gt; and &lt;textarea&gt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it may present a risk in browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rakesh Mane as the original reporter.",
        "upstream_fix": "thunderbird 60.9, firefox 60.9, firefox 68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11744\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11744"
        ],
        "name": "CVE-2019-11744",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
            "A flaw was found in glibc. When processing input in the EUC-KR encoding, an invalid input sequence could cause glibc to read beyond the end of a buffer, resulting in a segmentation fault. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw has been rated as having moderate impact for glibc packages shipped with Red Hat Enterprise Linux because, the maximum impact of this vulnerability is a crash, and it relies on processing untrusted input in an uncommon encoding (EUC-KR).  When this encoding is not used, the vulnerability can not be triggered.",
        "upstream_fix": "glibc 2.33",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-25013\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25013"
        ],
        "name": "CVE-2019-25013",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows a local attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16864\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16864\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16864",
        "mitigation": {
            "value": "To increase the time an attacker needs to exploit this flaw you could override the `StartLimitInterval=` (called StartLimitIntervalSec in newer systemd versions) and `StartLimitBurst=` settings. In this way the attack may require much longer to be successful.\nTo edit the journald service use `sudo systemctl edit systemd-journald.service` and add:\n```\n[Service]\nStartLimitInterval=120\nStartLimitBurst=3\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-89",
        "details": [
            "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.",
            "A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."
        ],
        "statement": "Red Hat Virtualization Management Appliance included affected versions of postgresql, however no custom SECURITY DEFINER functions are declared so this vulnerability can not be exploited in the default configuration.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.",
        "upstream_fix": "postgresql 9.4.24, postgresql 10.10, postgresql 11.5, postgresql 9.5.19, postgresql 9.6.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10208\nhttps://www.postgresql.org/about/news/1960/"
        ],
        "name": "CVE-2019-10208",
        "mitigation": {
            "value": "If your use case requires SECURITY DEFINER functions, please follow the advice below to write them safely so they do not rely on search_path and restrict the set of users which can access them.\nhttps://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-14T16:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.",
            "A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5391\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5391\nhttps://access.redhat.com/articles/3553061\nhttps://www.kb.cert.org/vuls/id/641765"
        ],
        "csaw": true,
        "name": "CVE-2018-5391",
        "mitigation": {
            "value": "One may change the default 4MB and 3MB values of net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh (and their ipv6 counterparts net.ipv6.ipfrag_high_thresh and net.ipv6.ipfrag_low_thresh) to 256 kB and 192 kB (respectively) or below. Tests show some to significant CPU saturation drop during an attack, depending on a hardware, configuration and environment.\nThere can be some impact on performance though, due to ipfrag_high_thresh of 262144 bytes, as only two 64K fragments can fit in the reassembly queue at the same time. For example, there is a risk of breaking applications that rely on large UDP packets.\nSee the Mitigation section in the https://access.redhat.com/articles/3553061 article for the script to quickly change to/from default and lower settings.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation.\nThe unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free.\nWe recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.",
            "A use-after-free flaw was found in the Linux kernel's af_unix component that allows local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. This issue leads to a race condition where the unix_stream_sendpage() function could access a skb that is being released by garbage collection, resulting in a use-after-free issue."
        ],
        "upstream_fix": "Kernel 6.4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4622\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4622\nhttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c"
        ],
        "name": "CVE-2023-4622",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts).",
            "It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3253\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3253"
        ],
        "name": "CVE-2017-3253",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bharadwaj Machiraju as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26959\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26959\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959"
        ],
        "name": "CVE-2020-26959",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-10-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.",
            "A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and MRG-2.",
        "acknowledgement": "Red Hat would like to thank Linn Crosetto (HP) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7837\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7837"
        ],
        "name": "CVE-2015-7837",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12377\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12377\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12377"
        ],
        "name": "CVE-2018-12377",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Jason Kratzer, Philipp, and Simon Giesecke as the original reporters.",
        "upstream_fix": "thunderbird 78.4, firefox 78.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15683\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15683\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683"
        ],
        "name": "CVE-2020-15683",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Khalil Zhani as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4506\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4506\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-101/"
        ],
        "name": "CVE-2015-4506",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-319",
        "details": [
            "Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2."
        ],
        "upstream_fix": "thunderbird 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38502\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38502"
        ],
        "name": "CVE-2021-38502",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Thomas Vegas as the original reporter.",
        "upstream_fix": "curl 7.66",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5482\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5482\nhttps://curl.haxx.se/docs/CVE-2019-5482.html"
        ],
        "name": "CVE-2019-5482",
        "mitigation": {
            "value": "Do not use TFTP with curl with smaller than the default BLKSIZE.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.",
            "A flaw was found in pki-core. Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests."
        ],
        "acknowledgement": "Red Hat would like to thank Egor Dimitrenko (Positive Technologies) for reporting this issue.",
        "upstream_fix": "pki-core 10.11.3, pki-core 10.8.4, pki-core 11.1.1, pki-core 11.0.6, pki-core 10.5.19, pki-core 10.12.5, pki-core 11.2.0, pki-core 10.7.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2414\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2414"
        ],
        "name": "CVE-2022-2414",
        "mitigation": {
            "value": "There is no known mitigation for this issue, please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.",
            "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29007\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29007"
        ],
        "name": "CVE-2023-29007",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10871\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10871"
        ],
        "name": "CVE-2019-10871",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges lokihardt as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1961\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1961\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-24.html"
        ],
        "name": "CVE-2016-1961",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the \"about:pocket-saved\" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9901\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9901\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9901"
        ],
        "name": "CVE-2016-9901",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12641\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12641"
        ],
        "name": "CVE-2018-12641",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command.",
            "A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/",
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8139\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8139\nhttp://www.ocert.org/advisories/ocert-2014-011.html"
        ],
        "name": "CVE-2014-8139",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack.",
            "A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior."
        ],
        "upstream_fix": "libxml2 2.9.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3660\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3660"
        ],
        "name": "CVE-2014-3660",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 use the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.",
            "It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim."
        ],
        "upstream_fix": "libreoffice 4.4.5, libreoffice 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4551\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4551\nhttp://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/\nhttp://www.openoffice.org/security/cves/CVE-2015-4551.html"
        ],
        "name": "CVE-2015-4551",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9669\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9669"
        ],
        "name": "CVE-2014-9669",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16420\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16420\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7500\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7500"
        ],
        "name": "CVE-2015-7500",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.",
            "It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users."
        ],
        "upstream_fix": "samba 4.3.13, samba 4.4.8, samba 4.5.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2125\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2125\nhttps://www.samba.org/samba/security/CVE-2016-2125.html"
        ],
        "name": "CVE-2016-2125",
        "mitigation": {
            "value": "The following mitigation is suggested by upstream.\nThe samba-tool command and the AD DC mode honours the undocumented \"gensec_gssapi:delegation=no\" option in the [global] section of the smb.conf file.\nControlling Kerberos forwarding\n===============================\nIn the Active Directory world it's possible for administrators to\nlimit the delegation. User and computer objects can both act as\nKerberos users and also as Kerberos services. Both types of objects have an\nattribute called 'userAccountControl' which is a bitmask that controls the\nbehavior of the account. The following three values have impact on possible\ndelegation:\n0x00100000: UF_NOT_DELEGATED:\nThe UF_NOT_DELEGATED can be used to disable the ability to get forwardable TGT\nfor the account. It means the KDC will respond with an error if the client asks\nfor the forwardable ticket.  The client typically gives up and removes the\nGSS_C_DELEG_FLAG flag and continues without passing delegated credentials.\nAdministrators can use this to disable possible delegation for the most\nprivileged accounts (e.g. administrator accounts).\n0x00080000: UF_TRUSTED_FOR_DELEGATION\nIf the UF_TRUSTED_FOR_DELEGATION is set on an account a KDC will include the\nOK_AS_DELEGATE flag in a granted service ticket. If the client application\nuses just GSS_C_DELEG_POLICY_FLAG (instead of GSS_C_DELEG_FLAG) gssapi/Kerberos\nlibraries typically only include delegated credentials when the service ticket\nincludes the OK_AS_DELEGATE flag.  Administrators can use this to control which\nservices will get delegated credentials, for example if the service runs in a\ntrusted environment and actually requires the presence of delegated\ncredentials.\n0x01000000: UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION\nThe UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION is not really relevant for this\nCVE and just listed here for completeness. This flag is relevant for the\nS4U2Proxy feature, where a service can ask the KDC for a proxied service\nticket which can impersonate users to other services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-704",
        "details": [
            "While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhile implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "thunderbird 102.9, firefox 102.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-28162\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28162\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28162\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28162"
        ],
        "name": "CVE-2023-28162",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9.",
            "The Mozilla Foundation Security Advisory describes this issue as:\nAn out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abraruddin Khan and Omair and Mozilla Developers as the original reporters.",
        "upstream_fix": "thunderbird 78.9, firefox 78.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4127\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4127\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-4127"
        ],
        "name": "CVE-2021-4127",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2794\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2794"
        ],
        "name": "CVE-2018-2794",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-135",
        "details": [
            "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value.",
            "A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server."
        ],
        "acknowledgement": "Red Hat would like to thank Samba project for reporting this issue. Upstream acknowledges Douglas Bagnall as the original reporter.",
        "upstream_fix": "samba 4.1.22, samba 4.3.3, samba 4.2.7, libldb 1.1.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5330\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5330\nhttps://www.samba.org/samba/security/CVE-2015-5330.html"
        ],
        "name": "CVE-2015-5330",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.",
            "A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11521\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11521"
        ],
        "name": "CVE-2020-11521",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.",
            "It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root."
        ],
        "upstream_fix": "sudo 1.8.20p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000368\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000368\nhttps://access.redhat.com/security/cve/CVE-2017-1000367\nhttps://access.redhat.com/security/vulnerabilities/3059071\nhttps://www.sudo.ws/alerts/linux_tty.html"
        ],
        "name": "CVE-2017-1000368",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25744\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25744\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25744"
        ],
        "name": "CVE-2023-25744",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla Developers as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5183\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183"
        ],
        "name": "CVE-2018-5183",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.",
            "If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal."
        ],
        "statement": "This issue affects the version of krb5 package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5353\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5353"
        ],
        "name": "CVE-2014-5353",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-77",
        "details": [
            "PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.",
            "A flaw was found in python-pillow. The vulnerability occurs due to Improper Neutralization, leading to command injection. This flaw allows an attacker to use externally-influenced input to modify the intended command."
        ],
        "statement": "Red Hat Quay ships a vulnerable version of Pillow as a dependency of xhtml2pdf. The xhtml2pdf package is used in the invoice generation feature of Quay, however, the vulnerable ImageMath module is not used by xhtml2pdf. Therefore impact for Quay is rated Low.",
        "upstream_fix": "Pillow 9.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22817\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22817\nhttps://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling"
        ],
        "name": "CVE-2022-22817",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor.",
            "A heap-based buffer overflow flaw related to \"lz4::decompress\" (src/Decompressor) has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7773\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7773\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7773",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.",
            "A vulnerability was discovered in Tomcat's handling of pipelined requests when \"Sendfile\" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure."
        ],
        "upstream_fix": "tomcat 7.0.77, tomcat 8.5.13, tomcat 8.0.43, tomcat 6.0.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5647\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5647"
        ],
        "name": "CVE-2017-5647",
        "mitigation": {
            "value": "The AJP connector does not support the sendfile capability.  A server configured to only use the AJP connector (disable HTTP Connector) is not affected by this vulnerability.\nDisable the sendfile capability by setting useSendfile=\"false\" in the HTTP connector configuration.  Note: Disabling sendfile may impact performance on large files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Mario Gomes as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4519\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4519\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-110/"
        ],
        "name": "CVE-2015-4519",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.",
            "A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This flaw is caused by use of an uninitialized memory variable. Practically this has no impact, but in some corner cases it is possible that the contents of this variable could be read by a remote process, causing loss of confidentiality as a result of this. There is no evidence of code execution.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1934\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1934\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1934",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.7",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.",
            "An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Nathan Hoad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9715\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9715"
        ],
        "name": "CVE-2014-9715",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage."
        ],
        "upstream_fix": "httpd 2.4.30",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1301\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2018-1301",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "A logic issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8658\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8658\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8658",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-341",
        "details": [
            "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.",
            "A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications on an x86 machine can disable ASLR by setting the RLIMIT_STACK resource to unlimited."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3672\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3672\nhttp://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html\nhttp://seclists.org/bugtraq/2016/Apr/34"
        ],
        "name": "CVE-2016-3672",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-05-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-470",
        "details": [
            "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.",
            "It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance."
        ],
        "upstream_fix": "jbossweb 7.4.7.Final, tomcat 6.0.41, tomcat 7.0.54",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0119\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0119"
        ],
        "name": "CVE-2014-0119",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\nWhen fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4207\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4207\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4207",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.",
            "It was found that the `:source!` command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution."
        ],
        "statement": "To be successfully and automatically triggered when a specially crafted file is opened, this vulnerability requires 3 parts :\n1) The `source!` command inability to check if it is running in sandbox mode (the fix commit prevents this)\n2) The `modeline` to be enabled (by default, modeline is disabled when running with root permission. See `Mitigation` steps to disable the modeline)\n3) A function, to be inserted in the modeline, that can be used to trigger the `source!` command (e.g.: `assert_fail()` in the public reproducer). To the best of our knowledge, no such functions were found in the default installation of Red Hat Enterprise Linux versions 5, 6 and 7 at the time of the flaw. However, Red Hat Enterprise Linux version 8 contains `assert_fail()`.\nWithout part 2 or 3, it would be required for an attacker to be able to craft the command line used to open the crafted file, in order to trigger the vulnerability.",
        "upstream_fix": "neovim 0.3.6, vim 8.1.1365",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-12735\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12735"
        ],
        "name": "CVE-2019-12735",
        "mitigation": {
            "value": "The vulnerability can be triggered only if `modeline` is enabled. You can check whether `modeline` is enabled within vim via the command `:set modeline?`\nIt can be turned off explicitly by adding `set nomodeline` in a vimrc file.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-11-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-122",
        "details": [
            "Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.",
            "An integer signedness flaw, leading to a heap-based buffer overflow, was found in the way FreeType handled Mac fonts. If a specially crafted font file was loaded by an application linked against FreeType, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "upstream_fix": "freetype 2.5.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9673"
        ],
        "name": "CVE-2014-9673",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",
            "A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program."
        ],
        "statement": "This flaw affects versions 9.9.12 -> 9.16.32 of the Bind package, therefore Red Hat Enterprise Linux 6 is not affected.",
        "acknowledgement": "Red Hat would like to thank Maksym Odinintsev for reporting this issue.",
        "upstream_fix": "bind 9.19.5, bind 9.16.33, bind 9.18.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38178\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38178\nhttps://kb.isc.org/docs/cve-2022-38178"
        ],
        "name": "CVE-2022-38178",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8611\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8611\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8611",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20952\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20952\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20952",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25732\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25732\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25732\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25732"
        ],
        "name": "CVE-2023-25732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an \"overflow.\""
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4487\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4487\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-90.html"
        ],
        "name": "CVE-2015-4487",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.",
            "A flaw was found in the way the Linux KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack.  A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7\nmay address this issue.",
        "upstream_fix": "kernel 4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7518\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7518"
        ],
        "name": "CVE-2017-7518",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.",
            "The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7740\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7740"
        ],
        "name": "CVE-2018-7740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions.",
            "It was discovered that the OpenSSH server did not sanitize data received in requests to enable X11 forwarding. An authenticated client with restricted SSH access could possibly use this flaw to bypass intended restrictions."
        ],
        "upstream_fix": "openssh 7.2p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3115\nhttp://www.openssh.com/txt/x11fwd.adv"
        ],
        "name": "CVE-2016-3115",
        "mitigation": {
            "value": "Set X11Forwarding=no in sshd_config.\nFor authorized_keys that specify a \"command\" restriction, this issue can be mitigated by also setting the \"no-X11-forwarding\" restriction. In OpenSSH 7.2 and later, the \"restrict\" restriction can be used instead, which includes the \"no-X11-forwarding\" restriction.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3544\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3544\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3544",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5274\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5274\nhttps://www.mozilla.org/security/advisories/mfsa2016-85/\nhttps://www.mozilla.org/security/advisories/mfsa2016-86/"
        ],
        "name": "CVE-2016-5274",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38509\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38509"
        ],
        "name": "CVE-2021-38509",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-12-14T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server where an out-of-bounds access can occur in the SwapCreateRegister function."
        ],
        "statement": "Xorg server does not run with root  privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having Moderate impact.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue. Upstream acknowledges the Xorg project as the original reporter.",
        "upstream_fix": "xorg-x11-server 21.1.2, xorg-x11-server 1.20.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4011\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4011\nhttps://lists.x.org/archives/xorg-announce/2021-December/003122.html\nhttps://lists.x.org/archives/xorg-announce/2021-December/003124.html"
        ],
        "name": "CVE-2021-4011",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.",
            "An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7395\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7395"
        ],
        "name": "CVE-2017-7395",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5156\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5156\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-5156"
        ],
        "name": "CVE-2018-5156",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Trippar (Zimperium zLabs) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7758\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7758\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758"
        ],
        "name": "CVE-2017-7758",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).",
            "A flaw was found in samba. When log levels are set at 3 or higher, the string obtained from the client, after a failed character conversion, is printed which could cause long-lived processes to terminate. The highest threat from this vulnerability is to system availability."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Robert Święcki as the original reporter.",
        "upstream_fix": "samba 4.11.5, samba 4.10.12, samba 4.9.18",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14907\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14907\nhttps://www.samba.org/samba/security/CVE-2019-14907.html"
        ],
        "name": "CVE-2019-14907",
        "mitigation": {
            "value": "Do not set a log level of 3 or above in production.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
            "An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "This issue is rated as having Moderate impact because of being limited to only IPV6 port 1720 being used and if with particular module (nf_conntrack_h323) for Voice Over IP H.323.",
        "acknowledgement": "Red Hat would like to thank Vasily Averin (Virtuozzo) for reporting this issue.",
        "upstream_fix": "kernel 4.12-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14305\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14305\nhttps://bugs.openvz.org/browse/OVZ-7188\nhttps://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/"
        ],
        "name": "CVE-2020-14305",
        "mitigation": {
            "value": "A mitigation to this flaw would be to no longer use IPV6 on affected hardware until the kernel has been updated or to disable Voice Over IP H.323 module. Existing systems that have h323-conntrack-nat kernel module loaded will need to unload the \"nf_conntrack_h323\" kernel module and blacklist it ( See https://access.redhat.com/solutions/41278 for a guide on how to blacklist modules).",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
            "A flaw was found in the way the Linux kernel’s Bluetooth implementation handled L2CAP (Logical Link Control and Adaptation Protocol) packets with A2MP (Alternate MAC-PHY Manager Protocol) CID (Channel Identifier). This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or potentially executing arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "Red Hat Enterprise Linux 7 is affected starting with the Red Hat Enterprise Linux 7.4 GA kernel version 3.10.0-693 onward.\nFor Red Hat OpenShift Container Platform, while the cluster nodes may be running an underlying kernel that's affected by this flaw present, both virtual and physical hosts in a production environment will generally have the mitigation already in place of having Bluetooth hardware either not present, or not enabled.",
        "acknowledgement": "Red Hat would like to thank Andy Nguyen (Google) and Intel for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12351\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12351\nhttps://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq\nhttps://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/\nhttps://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html\nhttps://www.zdnet.com/article/google-warns-of-severe-bleedingtooth-bluetooth-flaw-in-linux-kernel/"
        ],
        "csaw": true,
        "name": "CVE-2020-12351",
        "mitigation": {
            "value": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the Customer Portal at https://access.redhat.com/solutions/2682931.\nAlternatively, Bluetooth can be disabled within the hardware or at BIOS level which will also provide an effective mitigation as the kernel will not be able to detect that Bluetooth hardware is present on the system.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The KEYS subsystem in the Linux kernel before 3.18 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c.",
            "A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Andrey Ryabinin (Virtuozzo) and Igor Redko (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2647\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2647"
        ],
        "name": "CVE-2017-2647",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-172",
        "details": [
            "A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.",
            "A security regression of CVE-2019-9636 was discovered in python, since commit d537ab0ff9767ef024f26246899728f0116b1ec3, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.\nThis issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 8 as the security regression was not introduced in those versions. See CVE-2019-9636 for more details about the how these versions of Red Hat Enterprise Linux are affected with regard to the original flaw.",
        "acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10160\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10160\nhttps://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html"
        ],
        "name": "CVE-2019-10160",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in <code>GMPDecodeData</code>. It is possible that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOn 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in GMPDecodeData. It is possible that with enough effort this could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Deian Stefan as the original reporter.",
        "upstream_fix": "thunderbird 68.7.0, firefox 68.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6822\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6822\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822"
        ],
        "name": "CVE-2020-6822",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917"
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0182\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0182"
        ],
        "name": "CVE-2020-0182",
        "mitigation": {
            "value": "This flaw could be mitigated by not passing untrusted input to libexif.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10087\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10087"
        ],
        "name": "CVE-2017-10087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-190->CWE-770->(CWE-125|CWE-787)",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11039\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11039"
        ],
        "name": "CVE-2020-11039",
        "mitigation": {
            "value": "To mitigate this flaw, do not enable USB redirection in the client config.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14573\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14573"
        ],
        "name": "CVE-2020-14573",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-06-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.",
            "A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
        ],
        "statement": "This issue is rated as having a Moderate impact because of the privileges (CAP_NET_ADMIN in initial namespace) required for exploiting the issue.",
        "upstream_fix": "kernel 5.13-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3573\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3573\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52\nhttps://www.openwall.com/lists/oss-security/2021/06/08/2"
        ],
        "name": "CVE-2021-3573",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising easThe required privileges is CAP_NET_ADMIN capabilities. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.e of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.",
            "The Mozilla Foundation Security Advisory describes this flaw as: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Suhwan Song of SNU CompSec Lab as the original reporter.",
        "upstream_fix": "thunderbird 102.5, firefox 102.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-45420\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45420\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45420\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45420"
        ],
        "name": "CVE-2022-45420",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.",
            "The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the change that introduced the flaw is not present in the code of these products. \nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.  Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7187\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7187"
        ],
        "name": "CVE-2017-7187",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.",
            "A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft a malicious message leading to a heap-based buffer overflow. This issue allows the attacker to corrupt or access data stored in memory, leading to a denial of service in the rsyslog or possible remote code execution."
        ],
        "acknowledgement": "Red Hat would like to thank Pieter Agten (Fortanix) for reporting this issue.",
        "upstream_fix": "rsyslog 8.2204.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-24903\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24903\nhttps://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8"
        ],
        "name": "CVE-2022-24903",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-681->CWE-119",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4843\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4843\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4843",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0402\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0402\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
            "A race condition was found in the Linux kernel before version 4.11-rc1 in the 'fs/timerfd.c' file, which allows a local user to cause kernel list corruption or a use-after-free via simultaneous operations on a file descriptor that leverage improper 'might_cancel' queuing. An unprivileged local user could use this flaw to cause a denial of service of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\nThis issue affects Red Hat Enterprise Linux 6 and 7. Future updates for the respective releases may address this issue.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10661\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10661"
        ],
        "name": "CVE-2017-10661",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.",
            "A buffer over-read flaw was found in httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7668\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7668\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-7668",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.",
            "A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service."
        ],
        "statement": "In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused; please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.",
        "acknowledgement": "Red Hat would like to thank Xu Mingjie (varas@IIE) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14834\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14834"
        ],
        "name": "CVE-2019-14834",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1977\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1977\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-1977",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.",
            "A flaw was found in the Linux kernel's eBPF verification code. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions can use the eBPF verifier to abuse a Spectre-like flaw where they can infer all system memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-27170\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-27170"
        ],
        "name": "CVE-2020-27170",
        "mitigation": {
            "value": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from using eBPF through the kernel.unprivileged_bpf_disabled sysctl. Abusing this flaw would therefore require a privileged user with CAP_SYS_ADMIN or root, which reduces its attack space.\nFor Red Hat Enterprise Linux 7, eBPF for unprivileged users is always disabled.\nFor Red Hat Enterprise Linux 8, to confirm the current state, inspect the sysctl with the command:\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\nA setting of 1 means that unprivileged users cannot use eBPF, mitigating the flaw.\nA kernel update is required to mitigate the flaw for root or users with CAP_SYS_ADMIN capabilities.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.",
            "It was found that a specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
        ],
        "upstream_fix": "389-ds-base 1.4.0.18, 389-ds-base 1.3.8.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14648\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14648\nhttps://pagure.io/389-ds-base/issue/49969"
        ],
        "name": "CVE-2018-14648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.",
            "It was discovered that systemd is vulnerable to a state injection attack when deserializing the state of a service. Properties longer than LINE_MAX are not correctly parsed and an attacker may abuse this flaw in particularly configured services to inject, change, or corrupt the service state."
        ],
        "acknowledgement": "Red Hat would like to thank Jann Horn (Google Project Zero) and Ubuntu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-15686\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-15686"
        ],
        "name": "CVE-2018-15686",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled."
        ],
        "upstream_fix": "389-ds-base 2.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3652\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3652\nhttps://github.com/389ds/389-ds-base/issues/4817"
        ],
        "name": "CVE-2021-3652",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
        ],
        "upstream_fix": "webkitgtk 2.20.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4121\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4121"
        ],
        "name": "CVE-2018-4121",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.",
            "A vulnerability found in the Linux kernel's WMM implementation for Marvell WiFi-based hardware (mwifiex) could lead to a denial of service or allow arbitrary code execution. For this flaw to be executed, the attacker must be both local and privileged. There is no mitigation to this flaw. A patch has been provided to remediate this flaw."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14815"
        ],
        "name": "CVE-2019-14815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.",
            "A denial of service flaw was found in TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10207\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10207"
        ],
        "name": "CVE-2016-10207",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
        ],
        "upstream_fix": "jquery 3.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9251\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9251"
        ],
        "name": "CVE-2015-9251",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-78",
        "details": [
            "wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame.",
            "A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "Red Hat would like to thank Jouni Malinen for reporting this issue.",
        "upstream_fix": "hostapd 2.3, wpa_supplicant 2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3686\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3686"
        ],
        "name": "CVE-2014-3686",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-88",
        "details": [
            "When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Santos as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-24002\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-24002\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-24002"
        ],
        "name": "CVE-2021-24002",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674",
        "details": [
            "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.",
            "A Linux kernel built with 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as unlimited recursion could unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7039\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7039"
        ],
        "name": "CVE-2016-7039",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Members of the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of members on the Mozilla Fuzzing Team reporting memory safety bugs present in Firefox 103, Firefox ESR 102.1, and Firefox ESR 91.12. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "firefox 91.13, firefox 102.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-38478\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38478\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38478"
        ],
        "name": "CVE-2022-38478",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-17581\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-17581"
        ],
        "name": "CVE-2018-17581",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-12-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.",
            "An incorrect permission check in the admin backend in gvfs was found that allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration."
        ],
        "statement": "This issue did not affect the versions of gvfs as shipped with Red Hat Enterprise Linux 6 as they did not include support for admin backend.",
        "upstream_fix": "gvfs 1.39.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3827\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3827"
        ],
        "name": "CVE-2019-3827",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-185",
        "details": [
            "Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nRegular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dan Veditz as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-23603\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-23603\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603"
        ],
        "name": "CVE-2023-23603",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Berend-Jan Wever as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1592\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1592\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-87.html"
        ],
        "name": "CVE-2014-1592",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.",
            "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-7757\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-7757"
        ],
        "name": "CVE-2018-7757",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2014-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1593\nhttp://www.mozilla.org/security/announce/2014/mfsa2014-88.html"
        ],
        "name": "CVE-2014-1593",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8571\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8571\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8571",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12359\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12359\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12359"
        ],
        "name": "CVE-2018-12359",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.",
            "A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Yihan Lian (Qihoo 360 Gear Team) and Zhibin Hu (Qihoo 360 Gear Team) as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14746\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14746\nhttps://www.samba.org/samba/security/CVE-2017-14746.html"
        ],
        "name": "CVE-2017-14746",
        "mitigation": {
            "value": "Prevent SMB1 access to the server by setting the parameter:\n\"server min protocol = SMB2\"\nto the [global] section of your smb.conf and restart smbd. This prevents and SMB1 access to the server. Note this could cause older clients to be unable to connect to the server.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2800\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2800\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2800",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
            "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data."
        ],
        "upstream_fix": "httpd 2.2.32, httpd 2.4.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4975\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975"
        ],
        "name": "CVE-2016-4975",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2."
        ],
        "upstream_fix": "thunderbird 91.2, firefox 91.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38501\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38501"
        ],
        "name": "CVE-2021-38501",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-13T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions.  NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3144\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3144"
        ],
        "name": "CVE-2014-3144",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.",
            "A flaw was found on the Linux kernel. On the PowerPC platform, the KVM guest allows the OS users to cause host OS memory corruption via rtas_args.nargs. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "kernel 5.14-4rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-37576\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-37576\nhttps://www.openwall.com/lists/oss-security/2021/07/26/1"
        ],
        "name": "CVE-2021-37576",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-841",
        "details": [
            "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability.",
            "It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi (Lepidum) as the original reporter.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0224\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0224\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-0224",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-25T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-271",
        "details": [
            "A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.",
            "An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges."
        ],
        "statement": "This issue did not affect the versions of xorg-x11-server as shipped with Red Hat Enterprise Linux 5 and 6, as well as Red Hat Enterprise Linux 7 prior to 7.4, as they did not allow the use of vulnerable command line options when running with elevated privileges.\nThe default X server configuration in Red Hat Enterprise Linux only allows users logged in on the system's physical console to run Xorg X server. Therefore, users which only have remote access to the the system (for example using SSH) can not exploit this flaw.",
        "acknowledgement": "Red Hat would like to thank Narendra Shinde for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14665\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14665\nhttps://lists.x.org/archives/xorg-announce/2018-October/002927.html"
        ],
        "name": "CVE-2018-14665",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1836\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1836"
        ],
        "name": "CVE-2016-1836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-552",
        "details": [
            "A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12365\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12365\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12365"
        ],
        "name": "CVE-2018-12365",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function.",
            "An out of bounds read flaw related to \"graphite2::Silf::readGraphite\" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7774\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7774\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7774",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.",
            "A memory leak flaw was found in the Linux kernel’s performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability."
        ],
        "upstream_fix": "kernel 5.10-rc3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25704\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25704\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00\nhttps://www.openwall.com/lists/oss-security/2020/11/09/1"
        ],
        "name": "CVE-2020-25704",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zijie Zhao as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26960\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26960\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960"
        ],
        "name": "CVE-2020-26960",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-59",
        "details": [
            "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.",
            "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14651\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14651"
        ],
        "name": "CVE-2018-14651",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.",
            "A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user."
        ],
        "upstream_fix": "cloud-init 20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8632\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8632"
        ],
        "name": "CVE-2020-8632",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19662\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19662"
        ],
        "name": "CVE-2018-19662",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.",
            "It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2178\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2178\nhttp://eprint.iacr.org/2016/594\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2178",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.",
            "A flaw was found in the Archive_Tar package. Archive_Tar could allow a remote attacker to traverse directories on the system caused by inadequate checking of symbolic links. An attacker could send a specially-crafted URL request to the Tar.php script containing \"dot dot\" sequences (/../) to modify arbitrary files on the system."
        ],
        "upstream_fix": "Archive_Tar 1.4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-36193\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36193"
        ],
        "csaw": true,
        "name": "CVE-2020-36193"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c."
        ],
        "upstream_fix": "freerdp 2.1.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13396\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13396"
        ],
        "name": "CVE-2020-13396",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-03-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox < 59.0.1, Firefox ESR < 52.7.2, and Thunderbird < 52.7.",
            "An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the application to crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThe affected code is present in esc and xulrunner, however esc has no support for audio, and xulrunner is limited to using only local content that an attacker can not control. These components are not impacted by this vulnerability.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.",
        "upstream_fix": "libvorbis 1.3.6, firefox 57.2.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5146\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5146\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-08"
        ],
        "name": "CVE-2018-5146",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2838\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2838\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-64.html"
        ],
        "name": "CVE-2016-2838",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.",
            "A denial of service flaw was found in the way snmptrapd handled certain SNMP traps when started with the \"-OQ\" option. If an attacker sent an SNMP trap containing a variable with a NULL type where an integer variable type was expected, it would cause snmptrapd to crash."
        ],
        "statement": "This issue affects the versions of net-snmp as shipped with Red Hat Enterprise Linux 5.  Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3565\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3565"
        ],
        "name": "CVE-2014-3565",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.5",
            "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.",
            "A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank MIT Kerberos project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5352\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5352\nhttp://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2015-001.txt"
        ],
        "name": "CVE-2014-5352",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.",
            "A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.10.3-P3, bind 9.9.8-P3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8704\nhttps://kb.isc.org/article/AA-01335"
        ],
        "name": "CVE-2015-8704",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-04T09:14:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-732",
        "details": [
            "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.",
            "A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes."
        ],
        "statement": "This vulnerability is rated Important when use in a IdM/IPA environment, where an ACI installed by default allows an authenticated attacker to use this flaw to retrieve the userPassword attribute of any user.",
        "acknowledgement": "Red Hat would like to thank Gerald Vogt (Deutsches Klimarechenzentrum) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14824\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14824\nhttps://pagure.io/389-ds-base/issue/50716"
        ],
        "name": "CVE-2019-14824",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Zhanjia Song as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12378\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12378\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12378"
        ],
        "name": "CVE-2018-12378",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-05-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals."
        ],
        "upstream_fix": "firefox 91.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-31742\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31742"
        ],
        "name": "CVE-2022-31742",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes.",
            "It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. If gluster multiplexing is enabled this will result in a crash of multiple bricks and gluster volumes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10914\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10914"
        ],
        "name": "CVE-2018-10914",
        "mitigation": {
            "value": "SELinux mitigates this issue on Red Hat Gluster Storage 3. SELinux should be in enforcing mode only as permissive mode does not block attacks.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21305\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21305"
        ],
        "name": "CVE-2022-21305",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options.",
            "A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5970\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5970"
        ],
        "name": "CVE-2017-5970",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.",
            "An off-by-one error has been discovered in libX11 in functions XGetFontPath(), XListExtensions(), and XListFonts(). An attacker who can either configure a malicious X server or modify the data coming from one could use this flaw to make the program crash or have other unspecified effects, caused by the memory corruption."
        ],
        "statement": "This issue did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 5 as they did not include the vulnerable code.\nTo exploit the vulnerability an attacker would need to have already compromised the X server used by your applications. Normally, the X client that runs libX11 and the X server runs on the same machine, thus if an attacker can trigger this flaw he has already compromised the X server, which runs as root, and he has already full control on the system. If the X client runs on another system than the X server (e.g. DISPLAY environment variable is used and it points to an X server on another system) then exploiting this vulnerability would only gain the privileges of the client, which should not be run with high privileges. For the above reasons, this flaw was rated as Moderate Impact.",
        "upstream_fix": "libX11 1.6.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14599"
        ],
        "name": "CVE-2018-14599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.",
            "A use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as the flaw was already fixed in the products listed.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9794\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9794"
        ],
        "name": "CVE-2016-9794",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nOn some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges JSec of Hayyim Security as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6204\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6204\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204"
        ],
        "name": "CVE-2023-6204",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-838",
        "details": [
            "LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1."
        ],
        "upstream_fix": "LibreOffice 6.2.6, LibreOffice 6.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9853\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9853\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/"
        ],
        "name": "CVE-2019-9853",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9902\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9902\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9902"
        ],
        "name": "CVE-2016-9902",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.",
            "A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14493\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14493\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14493"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1104",
        "details": [
            "An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nAn out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla Developers as the original reporter.",
        "upstream_fix": "thunderbird 102.7, firefox 102.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46871\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46871\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871"
        ],
        "name": "CVE-2022-46871",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-03-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.",
            "A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0996\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0996"
        ],
        "name": "CVE-2022-0996",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-674->CWE-400",
        "details": [
            "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
        ],
        "upstream_fix": "openssl 1.1.0h, openssl 1.0.2o",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0739\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0739\nhttps://www.openssl.org/news/secadv/20180327.txt"
        ],
        "name": "CVE-2018-0739",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "10.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-270",
        "details": [
            "Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Coinbase Security as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11708\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11708\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-19/#CVE-2019-11708"
        ],
        "name": "CVE-2019-11708",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial of service (image.cpp Exiv2::Internal::stringFormat out-of-bounds read) via a crafted file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8976\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8976"
        ],
        "name": "CVE-2018-8976",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIt was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-4140\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4140\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140"
        ],
        "name": "CVE-2021-4140",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.",
            "A NULL pointer dereference flaw was found in the way OpenSSL performed a handshake when using the anonymous Diffie-Hellman (DH) key exchange. A malicious server could cause a DTLS client using OpenSSL to crash if that client had anonymous DH cipher suites enabled."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 0.9.8zb, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3510\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3510\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3510",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16391\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16391\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16391",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.",
            "A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future updates for the respective releases may address the issue.\nThis has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8543\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8543"
        ],
        "name": "CVE-2015-8543",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.",
            "A security flaw was found in the Linux kernel in the adjust_scalar_min_max_vals() function in kernel/bpf/verifier.c. A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because this function mishandles 32-bit right shifts. A local unprivileged user cannot leverage this flaw, but as a privileged user (\"root\") this can lead to a system panic and a denial of service or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18445\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18445"
        ],
        "name": "CVE-2018-18445",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
            "It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd."
        ],
        "upstream_fix": "httpd 2.4.26, httpd 2.2.34",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3167\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3167\nhttps://httpd.apache.org/security/vulnerabilities_22.html\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2017-3167",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-08-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-835",
        "details": [
            "In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file."
        ],
        "statement": "This issue affects the versions of exiv2 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19108\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19108"
        ],
        "name": "CVE-2018-19108",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.",
            "It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make the victim's browser send HTTP requests to the JDWP port of the debugged application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5573\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5573\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5573",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4517\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4517\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-4517",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "\"managed-keys\" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.",
            "An assertion failure was found in the way bind implemented the \"managed keys\" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "upstream_fix": "bind 9.11.5-P4, bind 9.12.3-P4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5745\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5745\nhttps://kb.isc.org/docs/cve-2018-5745"
        ],
        "name": "CVE-2018-5745",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.",
            "An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0634\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0634"
        ],
        "name": "CVE-2016-0634",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts).",
            "It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5547\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5547"
        ],
        "name": "CVE-2016-5547",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"",
            "A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash."
        ],
        "statement": "Samba in RHEL does not implement the AD DC role and is not built against Heimdal, thus Samba is not affected by this CVE.",
        "upstream_fix": "krb5 1.19.4, krb5 1.20.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42898\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42898\nhttps://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html"
        ],
        "name": "CVE-2022-42898",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8524\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8524"
        ],
        "name": "CVE-2019-8524",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.5",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/",
        "upstream_fix": "3.10.0 560.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2584\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2584"
        ],
        "name": "CVE-2017-2584",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free.",
            "A flaw was found in the Linux kernel, prior to version 5.0.7, in drivers/scsi/megaraid/megaraid_sas_base.c, where a NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds(). An attacker can crash the system if they were able to load the megaraid_sas kernel module and groom memory beforehand, leading to a denial of service (DoS), related to a use-after-free."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11810\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11810"
        ],
        "name": "CVE-2019-11810",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "realmd allows remote attackers to inject arbitrary configurations into sssd.conf and smb.conf via a newline character in an LDAP response.",
            "A flaw was found in the way realmd parsed certain input when writing configuration into the sssd.conf or smb.conf file. A remote attacker could use this flaw to inject arbitrary configurations into these files via a newline character in an LDAP response."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2704\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2704"
        ],
        "name": "CVE-2015-2704",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bruno Keith as the original reporter.",
        "upstream_fix": "thunderbird 78, firefox 78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12425\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12425\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425"
        ],
        "name": "CVE-2020-12425",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Fraser Tweedale as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7792\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7792\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-19/#CVE-2017-7792"
        ],
        "name": "CVE-2017-7792",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value."
        ],
        "statement": "This issue does not affect the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. This issue does not affect the openssl098e as shipped with Red Hat Enterprise Linux 6.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Felix Gröbert and Ivan Fratrić (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m, openssl 0.9.8za",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3470\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3470\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2014-3470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.",
            "A use-after-free flaw was found in the Linux kernel’s GPU driver functionality when destroying GEM context. A local user could use this flaw to crash the system or potentially escalate their privileges."
        ],
        "statement": "The impact of this issue is Moderate, because the attack is specific to certain Intel hardware and could be triggered only by a local user with write access to the device.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-7053\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7053"
        ],
        "name": "CVE-2020-7053",
        "mitigation": {
            "value": "If a dedicated graphics card is present and the i915 GPU is not being used, you can prevent the i915 module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-11-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jun Kokatsu as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7830\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7830\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830"
        ],
        "name": "CVE-2017-7830",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.",
            "An information leak flaw was found in the 2D component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2632\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2632\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2632",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-94",
        "details": [
            "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8536\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8536"
        ],
        "name": "CVE-2019-8536",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.8",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.",
            "A NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service)."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8746\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8746"
        ],
        "name": "CVE-2015-8746",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-391",
        "details": [
            "In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form."
        ],
        "upstream_fix": "kernel 4.17-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18690\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18690"
        ],
        "name": "CVE-2018-18690",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8783\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8783\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8783",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.",
            "A vulnerability was found in X.Org Server. This flaw occurs if a client explicitly destroys the compositor overlay window (aka COW), where Xserver leaves a dangling pointer to that window in the CompScreen structure, which will later trigger a use-after-free issue. The Overlay Window use-after-free issue can lead to a local privilege escalation vulnerability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9. Therefore, Red Hat Enterprise Linux 8 and 9 have been rated Moderate severity.",
        "upstream_fix": "xorg-server 21.1.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-1393\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1393\nhttps://lists.x.org/archives/xorg-announce/2023-March/003374.html"
        ],
        "name": "CVE-2023-1393",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.",
            "A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive."
        ],
        "upstream_fix": "Archive_Tar 1.4.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-28949\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-28949"
        ],
        "csaw": true,
        "name": "CVE-2020-28949"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787->CWE-125",
        "details": [
            "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.",
            "A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "This issue was discovered by Peter Hutterer (Red Hat).",
        "upstream_fix": "xorg-server 21.1.10, xwayland 23.2.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6377\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6377\nhttps://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd\nhttps://lists.x.org/archives/xorg-announce/2023-December/003435.html"
        ],
        "name": "CVE-2023-6377",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-06-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.",
            "A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime and will be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4997\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4997"
        ],
        "name": "CVE-2016-4997",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.",
            "A text injection flaw was found in how mod_auth_openidc handled error pages. An attacker could potentially use this flaw to conduct content spoofing and phishing attacks by tricking users into opening specially crafted URLs."
        ],
        "upstream_fix": "mod_auth_openidc 2.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6059\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6059"
        ],
        "name": "CVE-2017-6059",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "The Linux Kernel 2.6.32 and later are affected by a denial of service: by flooding the diagnostic port 0x80, an exception can be triggered, leading to a kernel panic.",
            "Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000407\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000407"
        ],
        "name": "CVE-2017-1000407",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter."
        ],
        "statement": "This issue affects the version of python-urllib3 shipped with Red Hat Gluster Storage 3, as it is vulnerable to CRLF injection.\nRed Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
        "upstream_fix": "python-urllib3 1.24.3, python-urllib3 1.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11236\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11236"
        ],
        "name": "CVE-2019-11236",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43535\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43535"
        ],
        "name": "CVE-2021-43535",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-07-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-345",
        "details": [
            "An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site."
        ],
        "upstream_fix": "mailman 2.1.28",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13796\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13796"
        ],
        "name": "CVE-2018-13796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10135\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10135"
        ],
        "name": "CVE-2017-10135",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2021-12-01T16:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.",
            "A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client, triggering the flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "The issue is not limited to TLS. Any applications that use NSS certificate verification are vulnerable; S/MIME is impacted as well. Similarly, a server application compiled with NSS, which processes client certificates, can receive a malicious certificate via a client.\nFirefox is not vulnerable to this flaw as it uses mozilla::pkix for certificate verification. Thunderbird is affected when parsing email with an S/MIME signature. Thunderbird on Red Hat Enterprise Linux 8.4 and later does not need to be updated since it uses the system NSS library, but earlier Red Hat Enterprise Linux 8 extended life streams will need to update Thunderbird as well as NSS.",
        "acknowledgement": "Red Hat would like to thank Tavis Ormandy (Project Zero) for reporting this issue. Upstream acknowledges the Mozilla project as the original reporter.",
        "upstream_fix": "nss 3.73.0, nss 3.68.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43527\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43527\nhttps://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-51/"
        ],
        "csaw": true,
        "name": "CVE-2021-43527",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.",
            "Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jed Davis as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2834\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2834\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-61.html"
        ],
        "name": "CVE-2016-2834",
        "mitigation": {
            "value": "Do not use NSS to parse untrusted certificates.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Magnus Melin as the original reporter.",
        "upstream_fix": "thunderbird 68.10.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15646\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15646\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646"
        ],
        "name": "CVE-2020-15646",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-11-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.",
            "It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9576\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9576"
        ],
        "name": "CVE-2016-9576",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.",
            "A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.\nRefer to https://access.redhat.com/node/2131021 for further information.",
        "acknowledgement": "Red Hat would like to thank the Perception Point research team for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0728\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0728\nhttps://access.redhat.com/node/2131021"
        ],
        "csaw": true,
        "name": "CVE-2016-0728"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 13.3, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8846\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8846\nhttps://webkitgtk.org/security/WSA-2020-0001.html"
        ],
        "name": "CVE-2019-8846",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.",
            "An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6302\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6302\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6302",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-908",
        "details": [
            "A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.",
            "A flaw was found in the Linux kernel’s implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10732\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10732"
        ],
        "name": "CVE-2020-10732",
        "mitigation": {
            "value": "A possible mitigation would be to disable core dumps system-wide by setting:\n* hard core 0\nin the /etc/security/limits.conf file and restarting applications/services/processes which users may have access to, or simply rebooting the system. This disables core dumps, which may not be a suitable workaround in your environment.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532->CWE-200",
        "details": [
            "A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed.",
            "A flaw was found in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed."
        ],
        "statement": "This vulnerability exists in the server component of FreeIPA. Client packages are not affected.",
        "acknowledgement": "Red Hat would like to thank Jamison Bennett (Cloudera) for reporting this issue.",
        "upstream_fix": "FreeIPA 4.7.4, FreeIPA 4.6.7, FreeIPA 4.8.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10195\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10195\nhttps://www.freeipa.org/page/Releases/4.6.7\nhttps://www.freeipa.org/page/Releases/4.7.4\nhttps://www.freeipa.org/page/Releases/4.8.3"
        ],
        "name": "CVE-2019-10195",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7499\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7499"
        ],
        "name": "CVE-2015-7499",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-06-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-125|CWE-476)",
        "details": [
            "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.",
            "A buffer over-read flaw was found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use this flaw to crash the application."
        ],
        "statement": "This issue did not affect the version of krb5 as shipped with Red Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4342\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4342"
        ],
        "name": "CVE-2014-4342",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges James Lee of Kryptos Logic as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18494\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18494\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-18494"
        ],
        "name": "CVE-2018-18494",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-11-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code"
        ],
        "upstream_fix": "thunderbird 91.3, firefox 91.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-43534\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43534"
        ],
        "name": "CVE-2021-43534",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-09-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.",
            "An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system."
        ],
        "statement": "This issue requires unprivileged users to have access to '/dev/kvm' device. So restricting access to '/dev/kvm' device to known trusted users could limit its exploitation by untrusted users/processes.",
        "acknowledgement": "Red Hat would like to thank Matt Delco (Google.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14821\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14821"
        ],
        "name": "CVE-2019-14821",
        "mitigation": {
            "value": "Restrict access to the '/dev/kvm' device to trusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.",
            "The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Ari Kauppi for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7895\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7895"
        ],
        "name": "CVE-2017-7895",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-787",
        "details": [
            "A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard interactive response messages whose total length is greater than unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error.",
            "A flaw was found in libssh2. A server could send multiple keyboard interactive response messages whose total length is greater than the unsigned char max characters. This value is used as an index to copy memory, causing an out-of-bounds memory write error. The highest threat from this vulnerability is to data confidentiality and integrity and system availability."
        ],
        "statement": "This flaw was present in libssh2 packages included in Red Hat Virtualization Hypervisor and Management Appliance, however libssh2 in these hosts is never exposed to malicious clients or servers.",
        "acknowledgement": "Red Hat would like to thank the libssh2 project for reporting this issue. Upstream acknowledges Chris Coulson (Canonical Ltd.) as the original reporter.",
        "upstream_fix": "libssh2 1.8.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3863\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3863\nhttps://www.libssh2.org/CVE-2019-3863.html"
        ],
        "name": "CVE-2019-3863",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-862->CWE-200",
        "details": [
            "389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the \"cn=changelog\" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors.",
            "An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords."
        ],
        "acknowledgement": "This issue was discovered by Petr Špaček (Red Hat Identity Management Engineering Team).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8105\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8105"
        ],
        "name": "CVE-2014-8105",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the X.Org Server before version 1.20.10. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the X.Org Server. An out-of-bounds access in the XkbSetMap function may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The Xorg server in Red Hat Enterprise Linux 8 does not run with root privileges, thus this flaw has been rated as having a moderate impact on that platform.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14360\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14360\nhttps://lists.x.org/archives/xorg-announce/2020-December/003066.html"
        ],
        "name": "CVE-2020-14360",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-05-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack."
        ],
        "acknowledgement": "Red Hat would like to thank chenyuan (NESA Lab) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10767\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10767"
        ],
        "name": "CVE-2018-10767",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.",
            "A flaw was found in freerdp in versions before versions 2.0.0-rc4. An integer overflow that leads to a heap-based buffer overflow in the gdi_Bitmap_Decompress() function leads to memory corruption. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "upstream_fix": "freerdp 2.0.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-8787\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-8787"
        ],
        "name": "CVE-2018-8787",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8673\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8673\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8673",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Joshua Drake as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4496\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4496\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-93.html"
        ],
        "name": "CVE-2015-4496",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.",
            "An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Guido Vranken as the original reporter.",
        "upstream_fix": "openssl 1.0.2h, openssl 1.0.1t",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2106\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2106\nhttps://openssl.org/news/secadv/20160503.txt"
        ],
        "name": "CVE-2016-2106",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.",
            "A flaw was found in librepo. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories."
        ],
        "statement": "This issue is rated as having Moderate impact on Red Hat Enterprise Linux 7 because `DNF` is not installed by default. The `DNF` package is available through the Extras channel as an enhancement to YUM 3. Both Fedora and Red Hat Enterprise Linux leverage transport security and package signatures to ship software to their users in a safe way.\nFedora provides a centralized, non-mirrored Fedora-run metalink service which provides a list if active mirrors and the expected cryptographic digest of the `repomd.xml` files. yum uses this information to select a mirror and verify that it serves the up-to-date, untampered `repomd.xml`. The chain of cryptographic digests is verified from there, eventually leading to verification of the .rpm file contents.\nRed Hat uses a different option to distribute Red Hat Enterprise Linux and its RPM-based products: a content-distribution network, managed by a trusted third party. Furthermore, the repositories provided by Red Hat use a separate public key infrastructure which is managed by Red Hat. For further information, refer to the following articles.\n[1] https://access.redhat.com/blogs/766093/posts/1976693\n[2] https://access.redhat.com/articles/1373143",
        "acknowledgement": "Red Hat would like to thank Sergei Iudin <siudin@fb.com> for reporting this issue.",
        "upstream_fix": "librepo 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14352\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14352"
        ],
        "name": "CVE-2020-14352",
        "mitigation": {
            "value": "Avoid downloading software from untrusted third-party mirrors. Note that under normal circumstances, this flaw does not pose any threat to Red Hat users, as repositories are fully trusted and controlled by Red Hat.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.",
            "A flaw was found in Pillow. A denial of service issue uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for TrueType in ImageFont when text length in an ImageDraw instance operates on a long text argument."
        ],
        "statement": "This security vulnerability is categorized as having a moderate impact because it only results in increased memory consumption when exceptionally long strings are utilized as text input.",
        "upstream_fix": "Pillow 10.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-44271\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-44271\nhttps://devhub.checkmarx.com/cve-details/CVE-2023-44271/\nhttps://github.com/python-pillow/Pillow/pull/7244"
        ],
        "name": "CVE-2023-44271",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.",
            "It was discovered that libcurl could incorrectly reuse Negotiate authenticated HTTP connections for subsequent requests. If an application using libcurl established a Negotiate authenticated HTTP connection to a server and sent subsequent requests with different credentials, the connection could be re-used with the initial set of credentials instead of using the new ones."
        ],
        "statement": "This issue affects the version of curl package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not planned to be addressed in a future update for Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Daniel Stenberg (curl upstream) for reporting this issue. Upstream acknowledges Isaac Boukris as the original reporter.",
        "upstream_fix": "curl 7.42.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3148\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3148\nhttp://curl.haxx.se/docs/adv_20150422B.html"
        ],
        "name": "CVE-2015-3148",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-08-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
            "An improper input validation flaw was found in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software that may allow an unauthenticated user to enable a denial of service via adjacent access."
        ],
        "upstream_fix": "linux-firmware 20230804",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-36351\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36351\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html"
        ],
        "name": "CVE-2022-36351",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21626\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21626"
        ],
        "name": "CVE-2022-21626",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel",
            "A vulnerability was found in unix_dgram_recvmsg in net/unix/af_unix.c in the Linux kernel's garbage collection for Unix domain socket file handlers.  In this flaw, a missing cleanup may lead to a use-after-free due to a race problem. This flaw allows a local user to crash the system or escalate their privileges on the system.\nA read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 5.14 rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-0920\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-0920\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca"
        ],
        "name": "CVE-2021-0920",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service.",
            "A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection could abuse this flaw to crash the libvirt daemon, resulting in a potential denial of service."
        ],
        "statement": "Versions of `libvirt` as shipped with Red Hat Enterprise Linux 5 and 6 are marked as \"notaffected\" as they do not include the vulnerable code, which was introduced in a later version of the package. Specifically, the affected internal function `storagePoolLookupByTargetPathCallback` was introduced in `libvirt` upstream version v3.10.0, whereas the `virStoragePoolLookupByTargetPath` method was exported as a public API in version 4.1.0.",
        "acknowledgement": "This issue was discovered by Han Han (Red Hat).",
        "upstream_fix": "libvirt 6.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10703\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10703"
        ],
        "name": "CVE-2020-10703",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2005-01-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools.",
            "A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted."
        ],
        "upstream_fix": "IcedTea7 2.5.5, IcedTea6 1.13.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0480\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0480\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA"
        ],
        "name": "CVE-2015-0480",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2786\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2786"
        ],
        "name": "CVE-2019-2786",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).",
            "It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10116\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10116"
        ],
        "name": "CVE-2017-10116",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-755",
        "details": [
            "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.",
            "A heap-based buffer overflow flaw was found in libvpx, a library used to process VP9 video codecs data. This issue occurs when processing certain specially formatted video data via a crafted HTML page, allowing an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library."
        ],
        "statement": "This security issue has been classified as having an Important security impact. Desktop users are at a high risk of exploitation of this flaw with very minimal interaction. It may compromise the confidentiality, integrity, or availability of resources.\nCustomers using this application, which does server-side video codecs by linking to the libvpx library, are also potentially impacted by this flaw and are advised to update to the fixed versions of the package.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-44488\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-44488"
        ],
        "name": "CVE-2023-44488",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-12T17:25:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.",
            "A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content."
        ],
        "statement": "This flaw is rated Moderate because the configuration setting that makes pki-core vulnerable - directory-based authentication - is disabled by default and the damage is somewhat limited to the domain where the ids are recognized (for example, in one corporation's realm).",
        "acknowledgement": "This issue was discovered by Tim Bielawa (Red Hat, Inc.).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-2393\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-2393"
        ],
        "name": "CVE-2022-2393",
        "mitigation": {
            "value": "This flaw is not exposed if directory-based authentication is not enabled. It is not enabled by default.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-15T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10165\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10165"
        ],
        "name": "CVE-2016-10165",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as: A missing check related to tex units could have led to a use-after-free and potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.",
        "upstream_fix": "thunderbird 102.6, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46880\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46880\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46880\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880"
        ],
        "name": "CVE-2022-46880",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-31T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11042\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11042"
        ],
        "name": "CVE-2020-11042",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.",
            "A security flaw was found in the Linux kernel: an attempt to move a page mapped by the AIO ring buffer to the other node triggers a NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address the issue.",
        "acknowledgement": "This issue was discovered by Jan Stancek (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3070\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3070"
        ],
        "name": "CVE-2016-3070",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-25T08:29:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.",
            "A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank ADLab of Venustech for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14895\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14895\nhttps://www.openwall.com/lists/oss-security/2019/11/22/2"
        ],
        "name": "CVE-2019-14895",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerri Rice as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5390\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5390\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390"
        ],
        "name": "CVE-2017-5390",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.",
            "A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed."
        ],
        "statement": "The xorg-x11-server-Xwayland package as shipped by Red Hat Enterprise Linux 8 and 9 is not affected by this issue as Xwayland does not support multiple protocol screens and is not affected by this vulnerability.",
        "upstream_fix": "xorg-server 21.1.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5380\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5380\nhttps://lists.x.org/archives/xorg-announce/2023-October/003430.html"
        ],
        "name": "CVE-2023-5380",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822->CWE-125",
        "details": [
            "The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature.",
            "An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application."
        ],
        "acknowledgement": "Red Hat would like to thank OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson (OpenSSL development team) as the original reporter.",
        "upstream_fix": "openssl 1.0.1m, openssl 0.9.8zf, openssl 1.0.0r, openssl 1.0.2a",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0286\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0286\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0286",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-07-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14577\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14577"
        ],
        "name": "CVE-2020-14577",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
            "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to an integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity."
        ],
        "upstream_fix": "expat 2.4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22826\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22826\nhttps://github.com/libexpat/libexpat/pull/539"
        ],
        "name": "CVE-2022-22826",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.0",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) \" (double quote), (2) \\ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation.",
            "A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program."
        ],
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Nathan Bossart as the original reporter.",
        "upstream_fix": "postgresql 9.3.14, postgresql 9.5.4, postgresql 9.2.18, postgresql 9.1.23, postgresql 9.4.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5424\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5424"
        ],
        "name": "CVE-2016-5424",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-12-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nUsing techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Seri, Gregory Vishnepolsky, and Samy Kamkar as the original reporters.",
        "upstream_fix": "thunderbird 78.6, firefox 78.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26978\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26978\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26978"
        ],
        "name": "CVE-2020-26978",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-672",
        "details": [
            "Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.",
            "A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory."
        ],
        "upstream_fix": "openssl 1.0.0n, openssl 0.9.8zb, openssl 1.0.1i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3505\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3505\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3505",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-11-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a \"use-after-poison\" issue.",
            "A use-after-poison flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.",
        "upstream_fix": "nss 3.19.2.1, nss 3.20.1, nss 3.19.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7181\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7181\nhttps://access.redhat.com/articles/2043623\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-133.html"
        ],
        "name": "CVE-2015-7181",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7213\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7213\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-146.html"
        ],
        "name": "CVE-2015-7213",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-03-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.9, thunderbird 115.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-2611\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2611\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-13/#CVE-2024-2611\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-14/#CVE-2024-2611"
        ],
        "name": "CVE-2024-2611",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-10-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.",
            "A flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system."
        ],
        "statement": "This issue does affect Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG. Future Linux kernel updates for the respective releases will address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3687\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3687"
        ],
        "name": "CVE-2014-3687",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.",
            "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace."
        ],
        "statement": "This issue does not affect Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Stefano Brivio (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7558\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7558"
        ],
        "name": "CVE-2017-7558",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-01-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.  NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.",
            "An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0483\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0483\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0483",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE.",
            "A flaw was found in the way the JSSE component in OpenJDK performed X.509 certificate identity verification when establishing a TLS/SSL connection to a host identified by an IP address. In certain cases, the certificate was accepted as valid if it was issued for a host name to which the IP address resolves rather than for the IP address."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2625\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2625\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2625",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",
            "A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting Web site, which can lead to stealing the victim's cookie-based authentication credentials."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation, since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions do not use the vulnerable component at all.\nRed Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. These packages are deprecated in Red Hat Virtualization 4.3.",
        "upstream_fix": "bootstrap 3.4.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20676\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20676"
        ],
        "name": "CVE-2018-20676",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8819\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8819\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8819",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Applying a CSS filter effect could have accessed out of bounds memory. This could have led to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nApplying a CSS filter effect could have accessed out-of-bounds memory. This could have led to a heap-buffer-overflow, causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.5, firefox 91.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22738\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22738\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738"
        ],
        "name": "CVE-2022-22738",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent.",
            "An incomplete fix for CVE-2018-5748 that affects QEMU monitor leading to a resource exhaustion but now also triggered via QEMU guest agent."
        ],
        "acknowledgement": "This issue was discovered by Daniel P. Berrange (Red Hat).",
        "upstream_fix": "libvirt 4.2.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1064\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1064\nhttps://security.libvirt.org/2018/0004.html"
        ],
        "name": "CVE-2018-1064",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9898\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9898\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9898"
        ],
        "name": "CVE-2016-9898",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-126",
        "details": [
            "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.",
            "A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure."
        ],
        "upstream_fix": "squid 5.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-41318\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41318\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
        ],
        "name": "CVE-2022-41318",
        "mitigation": {
            "value": "Disable use of the vulnerable authentication scheme.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.4",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-248",
        "details": [
            "arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.",
            "A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. Future kernel updates may address this issue.\nThis issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6. The risks associated with fixing this bug are greater than its security impact. This issue is not currently planned to be addressed in future kernel updates for Red Hat Enterprise Linux 6.\nThis issue does affect the kvm packages as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "Red Hat would like to thank Nadav Amit for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3647\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3647"
        ],
        "name": "CVE-2014-3647",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.",
            "A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Watson Ladd as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2730\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2730\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-64.html"
        ],
        "name": "CVE-2015-2730",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andreea Pavel, Christian Holler, Honza Bambas, Jason Kratzer, and Jeff Gilbert as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11709\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11709\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11709"
        ],
        "name": "CVE-2019-11709",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4485\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4485\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-89.html"
        ],
        "name": "CVE-2015-4485",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.",
            "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability."
        ],
        "statement": "This flaw only affects servers that are compiled with the NSS library and when the TLS 1.3 protocol is used.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "nss 3.58",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25648\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25648\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes"
        ],
        "name": "CVE-2020-25648",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-193",
        "details": [
            "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.",
            "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 due to a missing commit ( bb646cdb12e75d82258c2f2e7746d5952d3e321a ) which enabled changed system behavior.\nThis issue does affect Red Hat Enterprise Linux 7 and MRG-2 kernels. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by Paul Moore (Red Hat Engineering).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2618\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2618"
        ],
        "name": "CVE-2017-2618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The HandleRFBServerMessage function in libvncclient/rfbproto.c in LibVNCServer 0.9.9 and earlier does not check certain malloc return values, which allows remote VNC servers to cause a denial of service (application crash) or possibly execute arbitrary code by specifying a large screen size in a (1) FramebufferUpdate, (2) ResizeFrameBuffer, or (3) PalmVNCReSizeFrameBuffer message.",
            "A NULL pointer dereference flaw was found in LibVNCServer's framebuffer setup. A malicious VNC server could use this flaw to cause a VNC client to crash."
        ],
        "acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-6052\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-6052"
        ],
        "name": "CVE-2014-6052",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.",
            "A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired."
        ],
        "statement": "Red Hat CloudForms 4.6 and newer versions include the vulnerable component, but there is no risk of exploitation since there is no possible vector to access the vulnerability. Older Red Hat CloudForms versions don't use the vulnerable component at all.",
        "upstream_fix": "bootstrap 4.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8331\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8331"
        ],
        "name": "CVE-2019-8331",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).",
            "It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. A local attacker may trigger this flaw by sending a dbus message to systemd with a large path making systemd crash or possibly elevating his privileges."
        ],
        "statement": "This vulnerability is present in Red Hat Virtualization Hypervisor and Management Appliance, however it can only be exploited locally. Since these systems do not typically have local user accounts, this issue has been rated Moderate severity for Red Hat Virtualization 4.",
        "acknowledgement": "Red Hat would like to thank Chris Coulson (Ubuntu Security) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6454"
        ],
        "name": "CVE-2019-6454",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3183\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3183"
        ],
        "name": "CVE-2018-3183",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-203",
        "details": [
            "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.",
            "It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.",
        "acknowledgement": "Red Hat would like to thank Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting this issue.",
        "upstream_fix": "kernel 4.4.18, kernel 4.7.1, kernel 4.6.7, kernel 3.14.76",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5696\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5696\nhttp://lwn.net/Articles/696868/"
        ],
        "csaw": true,
        "name": "CVE-2016-5696"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.* This vulnerability affects Firefox < 65.0.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "firefox 65.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18511\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18511"
        ],
        "name": "CVE-2018-18511",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.",
            "A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system."
        ],
        "statement": "This issue is not present in the Linux kernel packages as shipped with Red Hat Enterprise Linux versions 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.",
        "acknowledgement": "This issue was discovered by CAI Qian (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6198\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6198"
        ],
        "name": "CVE-2016-6198",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-131->CWE-122",
        "details": [
            "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)"
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Zhaoyang Wu as the original reporter.",
        "upstream_fix": "curl 7.61.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14618\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14618\nhttps://curl.haxx.se/docs/CVE-2018-14618.html"
        ],
        "name": "CVE-2018-14618",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-11-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-838",
        "details": [
            "An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers. NOTE: the Unicode Consortium offers the following alternative approach to presenting this concern. An issue is noted in the nature of international text that can affect applications that implement support for The Unicode Standard and the Unicode Bidirectional Algorithm (all versions). Due to text display behavior when text includes left-to-right and right-to-left characters, the visual order of tokens may be different from their logical order. Additionally, control characters needed to fully support the requirements of bidirectional text can further obfuscate the logical order of tokens. Unless mitigated, an adversary could craft source code such that the ordering of tokens perceived by human reviewers does not match what will be processed by a compiler/interpreter/etc. The Unicode Consortium has documented this class of vulnerability in its document, Unicode Technical Report #36, Unicode Security Considerations. The Unicode Consortium also provides guidance on mitigations for this class of issues in Unicode Technical Standard #39, Unicode Security Mechanisms, and in Unicode Standard Annex #31, Unicode Identifier and Pattern Syntax. Also, the BIDI specification allows applications to tailor the implementation in ways that can mitigate misleading visual reordering in program text; see HL4 in Unicode Standard Annex #9, Unicode Bidirectional Algorithm.",
            "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer."
        ],
        "statement": "This is a flaw with the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. This is not a flaw in Red Hat products.",
        "acknowledgement": "Red Hat would like to thank Nicholas Boucher and Ross Anderson (University of Cambridge) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-42574\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-42574\nhttps://trojansource.codes/\nhttps://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/\nhttps://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing\nhttps://www.unicode.org/reports/tr39/"
        ],
        "csaw": true,
        "name": "CVE-2021-42574",
        "mitigation": {
            "value": "This issue can be mitigated by ensuring code commits get a proper review. All new commits can also be scanned for the presence of BiDi characters before accepting the commit.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-426",
        "details": [
            "automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.",
            "It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the version of autofs package as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Georgia Institute (Technology) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8169\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8169"
        ],
        "name": "CVE-2014-8169",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.",
            "It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6489\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6489"
        ],
        "name": "CVE-2016-6489",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.",
            "A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11190\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11190"
        ],
        "name": "CVE-2019-11190",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-667",
        "details": [
            "The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.",
            "A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls."
        ],
        "acknowledgement": "This issue was discovered by Andrea Arcangeli (Red Hat Engineering).",
        "upstream_fix": "kernel 5.0.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11599\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11599"
        ],
        "name": "CVE-2019-11599",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "It was possible to cause the browser to enter fullscreen mode without displaying the security UI; thus making it possible to attempt a phishing attack or otherwise confuse the user. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi (Microsoft Browser Vulnerability Research) as the original reporter.",
        "upstream_fix": "thunderbird 78.5, firefox 78.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-26953\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26953\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953"
        ],
        "name": "CVE-2020-26953",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3272\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3272"
        ],
        "name": "CVE-2017-3272",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free."
        ],
        "upstream_fix": "webkitgtk 2.20.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4200\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4200"
        ],
        "name": "CVE-2018-4200",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.",
            "A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore, Red Hat Enterprise Linux 8 and 9 have been rated with a moderate severity.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-server 21.1.11, xwayland 23.2.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21886\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21886"
        ],
        "name": "CVE-2024-21886",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-10-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members reported memory safety bugs present in Firefox 69 and Firefox ESR 68.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aaron Klotz, Bob Clary, Byron Campen, Christian Holler, Cristian Brindusan, Honza Bambas, Iain Ireland, Jason Kratzer, Steve Fink, and Tyson Smith as the original reporters.",
        "upstream_fix": "thunderbird 68.2, firefox 68.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11764\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11764\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764"
        ],
        "name": "CVE-2019-11764",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1550\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1550\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1550\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1550"
        ],
        "name": "CVE-2024-1550",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
        ],
        "statement": "This issue affects the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.\nRed Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nRed Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-13345\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13345"
        ],
        "name": "CVE-2019-13345",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, Safari 12.1.1, iTunes for Windows 12.9.5, iCloud for Windows 7.12. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8595\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8595\nhttps://webkitgtk.org/security/WSA-2019-0003.html"
        ],
        "name": "CVE-2019-8595",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10074"
        ],
        "name": "CVE-2017-10074",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-494",
        "details": [
            "File downloads encoded with \"blob:\" and \"data:\" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges François Marier as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7814\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7814\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814"
        ],
        "name": "CVE-2017-7814",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.",
            "The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcus Brinkmann as the original reporter.",
        "upstream_fix": "thunderbird 115.6, firefox 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-50761\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50761\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761"
        ],
        "name": "CVE-2023-50761",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-02-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing \"dual A/AAAA DNS queries\" and the libnss_dns.so.2 NSS module.",
            "A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module."
        ],
        "statement": "After updating the glibc package on affected systems, it is strongly recommended to reboot the system or restart all the affected services. For more information please refer to: https://access.redhat.com/articles/2161461",
        "acknowledgement": "This issue was discovered by Google Security Team and Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7547\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7547\nhttps://access.redhat.com/articles/2161461"
        ],
        "csaw": true,
        "name": "CVE-2015-7547"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.",
            "An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank Gopal Reddy Kodudula (Nokia Siemens Networks) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4667\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4667"
        ],
        "name": "CVE-2014-4667",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-863",
        "details": [
            "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via Kerberos to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-35567\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35567"
        ],
        "name": "CVE-2021-35567",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-10-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "8.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.",
            "A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless."
        ],
        "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.78",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-14492\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14492\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
        ],
        "csaw": true,
        "name": "CVE-2017-14492"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-03-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling."
        ],
        "upstream_fix": "webkitgtk 2.28.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10018\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10018"
        ],
        "name": "CVE-2020-10018",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-182|CWE-400)",
        "details": [
            "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2",
            "A flaw was found in Squid. This issue may allow a remote client or remote server to trigger a denial of service when sending oversized headers in HTTP messages."
        ],
        "statement": "This issue can be exploitable when the Squid request_header_max_size and reply_header_max_size configuration options have a big value, specifically, values greater than 64KB. In Squid versions prior to 6.5, the default value of these options are unsafe.\nThe Squid package as shipped in Red Hat Enterprise Linux 7, 8 and 9 has an unsafe default configuration and is vulnerable to this issue.",
        "upstream_fix": "squid 6.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-25617\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-25617\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr\nhttps://megamansec.github.io/Squid-Security-Audit/response-memleaks.html"
        ],
        "name": "CVE-2024-25617",
        "mitigation": {
            "value": "To mitigate this flaw in Squid versions prior to 6.5, set the request_header_max_size and reply_header_max_size configuration options to 21KB. The following lines should be added to the Squid configuration file:\n~~~\nrequest_header_max_size 21 KB\nreply_header_max_size 21 KB\n~~~\nIn Squid versions 6.5 and newer, the default values of these options are considered safe and the above configuration can be removed. Also, Squid will emit a warning in the logs if the configured values are unsafe.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.",
            "A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9079\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9079\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079"
        ],
        "name": "CVE-2016-9079",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-07-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().",
            "A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.",
        "upstream_fix": "libwebp 1.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-25011\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-25011"
        ],
        "name": "CVE-2018-25011",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-10-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.",
            "A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5554\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5554\nhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html#AppendixJAVA"
        ],
        "name": "CVE-2016-5554",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in the chrome event handler when it is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9820\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9820\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9820"
        ],
        "name": "CVE-2019-9820",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20921\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20921\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20921",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JCE). The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2842\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2842"
        ],
        "name": "CVE-2019-2842",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.",
            "It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default."
        ],
        "upstream_fix": "tomcat 7.0.50, tomcat 6.0.39, tomcat 8.0.0-rc10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-4322\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4322"
        ],
        "name": "CVE-2013-4322",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel",
            "A flaw was found in the Linux kernel. A logic error in eventpoll.c can cause a use-after-free, leading to a local escalation of privilege with no additional execution privileges. User interaction is not needed for exploitation. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability."
        ],
        "upstream_fix": "kernel-rt-3.10.0 1160.57.1.rt56.1198.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0466\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0466"
        ],
        "name": "CVE-2020-0466",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-12-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.",
            "When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database."
        ],
        "upstream_fix": "389-ds-base 1.4.4.13, 389-ds-base 1.4.3.19, 389-ds-base 2.0.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-35518\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-35518"
        ],
        "name": "CVE-2020-35518",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-327|CWE-757)",
        "details": [
            "The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the \"FREAK\" issue.  NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.",
            "It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could make a TLS/SSL client using OpenSSL use a weaker key exchange method."
        ],
        "statement": "This issue affects versions of openssl as shipped with Red Hat Enterprise Linux 5, 6 and 7. Errata have been released to correct this issue.\nThis issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact and does not plan to address this flaw for the openssl098e component in any future security updates.\nThis issue affects the version of openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.1k, OpenSSL 0.9.8zd, OpenSSL 1.0.0p",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0204\nhttps://securityblog.redhat.com/2015/03/04/factoring-rsa-export-keys-freak-cve-2015-0204/\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2015-0204",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5472\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5472\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472"
        ],
        "name": "CVE-2017-5472",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-11-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
            "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
        ],
        "acknowledgement": "Red Hat would like to thank Evgenii Shatokhin (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16884\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16884"
        ],
        "name": "CVE-2018-16884",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gregory Smiley (Security Compass) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11712\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11712\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11712"
        ],
        "name": "CVE-2019-11712",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.",
            "An out-of-bounds memory write flaw was found in qfq_change_agg in net/sched/sch_qfq.c in the Traffic Control (QoS) subsystem in the Linux kernel. This flaw allows a local user to crash or potentially escalate their privileges on the system."
        ],
        "upstream_fix": "Kernel 6.5-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3611\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3611\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64"
        ],
        "name": "CVE-2023-3611",
        "mitigation": {
            "value": "Mitigation for this issue is to skip loading the affected module sch_qfq onto the system until we have a fix available. This can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically? \nhttps://access.redhat.com/solutions/41278  \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of NSSToken objects referenced via direct points that could have been accessed unsafely on different threads, leading to a use-after-free and potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1097\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1097"
        ],
        "name": "CVE-2022-1097",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.",
            "A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack."
        ],
        "statement": "The samba4 package in Red Hat Enterprise Linux 6, is a tech preview and by default uses the SMB1 protocol, therefore though affected by this flaw, will not be addressed in a security update.",
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.4.16, samba 4.5.14, samba 4.6.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12151\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12151\nhttps://www.samba.org/samba/security/CVE-2017-12151.html"
        ],
        "name": "CVE-2017-12151",
        "mitigation": {
            "value": "Keep the default of \"client max protocol = NT1\".",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: Various versions of Python do not properly restrict readline calls, which allows remote attackers to cause a denial of service (memory consumption) via a long string, related to (1) httplib - fixed in 2.7.4, 2.6.9, and 3.3.3; (2) ftplib - fixed in 2.7.6, 2.6.9, 3.3.3; (3) imaplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; (4) nntplib - fixed in 2.7.6, 2.6.9, 3.3.3; (5) poplib - not yet fixed in 2.7.x, fixed in 2.6.9, 3.3.3; and (6) smtplib - not yet fixed in 2.7.x, fixed in 2.6.9, not yet fixed in 3.3.x. NOTE: this was REJECTed because it is incompatible with CNT1 \"Independently Fixable\" in the CVE Counting Decisions",
            "It was discovered that multiple Python standard library modules implementing network protocols (such as httplib or smtplib) failed to restrict sizes of server responses. A malicious server could cause a client using one of the affected modules to consume an excessive amount of memory."
        ],
        "statement": "Red Hat JBoss SOA Platform 5 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes; and Red Hat JBoss SOA Platform 4.3 is now in Extended Life Support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware Product Life Cycle: https://access.redhat.com/support/policy/updates/jboss_notes/",
        "upstream_fix": "python 3.2.6, python 3.4.0, python 3.3.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-1752\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1752"
        ],
        "name": "CVE-2013-1752",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-03-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
            "A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory."
        ],
        "upstream_fix": "kernel-3.10.0 862.1.1.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1068\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1068"
        ],
        "name": "CVE-2018-1068",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThrough a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown)."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1547\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1547\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1547\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1547"
        ],
        "name": "CVE-2024-1547",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-04-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2798\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2798"
        ],
        "name": "CVE-2018-2798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-787|CWE-119)",
        "details": [
            "In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.",
            "An out-of-bounds write flaw was found in the i2c driver in the Linux kernel. This flaw allows an attacker to escalate privileges with system execution privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9454\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9454"
        ],
        "name": "CVE-2019-9454",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-285->CWE-212",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21296\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21296"
        ],
        "name": "CVE-2022-21296",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation.",
            "An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-13093\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-13093"
        ],
        "name": "CVE-2018-13093",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-130",
        "details": [
            "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
            "The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7645\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7645"
        ],
        "name": "CVE-2017-7645",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-10-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-681",
        "details": [
            "In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.",
            "A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. This can corrupt memory outside of the original allocation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\nFuture Linux kernel updates for the respective releases may address this issue.",
        "upstream_fix": "kernel 4.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9725\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9725\nhttps://source.android.com/security/bulletin/2017-09-01"
        ],
        "name": "CVE-2017-9725",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-03-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free can occur when events are fired for a \"FontFace\" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5402\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5402\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402"
        ],
        "name": "CVE-2017-5402",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-02T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78.",
            "A flaw was found in NSS, where it is vulnerable to RSA key generation cache timing side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. The highest threat to this flaw is to confidentiality."
        ],
        "statement": "A timing attack was found in the way NSS generated RSA keys. A man-in-the-middle attacker could use this attack during RSA key generation to recover the private key. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Billy Bob Brumley (Network and Information Security Group (NISEC), Cesar Pereida (Network and Information Security Group (NISEC), Nicola Tuveri (Network and Information Security Group (NISEC), and Yuval Yarom (Network and Information Security Group (NISEC) as the original reporters.",
        "upstream_fix": "nss 3.53.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12402\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12402\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes"
        ],
        "name": "CVE-2020-12402",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
        ],
        "upstream_fix": "gdk-pixbuf 2.36.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-2862\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2862\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
        ],
        "name": "CVE-2017-2862",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact.",
            "A buffer overflow on the heap was found in gf_getspec_req RPC request. A remote, authenticated attacker could use this flaw to cause denial of service and read arbitrary files on glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14653\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14653"
        ],
        "name": "CVE-2018-14653",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-01-17T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and  22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21835\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21835"
        ],
        "name": "CVE-2023-21835",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21628\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21628"
        ],
        "name": "CVE-2022-21628",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-1196\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-1196"
        ],
        "name": "CVE-2022-1196",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage).",
            "A flaw was found in the way the libvirtd daemon issued the 'suspend' command to a QEMU guest-agent running inside a guest, where it holds a monitor job while issuing the 'suspend' command to a guest-agent. A malicious guest-agent may use this flaw to block the libvirt daemon indefinitely, resulting in a denial of service."
        ],
        "statement": "This issue affects the version of the libvirt package as shipped with Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8. Future libvirt updates for Red Hat Enterprise Linux 7, 8 and Red Hat Enterprise Linux Advanced Virtualization 8 may address this issue.\nRed Hat Enterprise Linux version 5 and 6 are in Maintenance Support 2 Phase of the life cycle. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of the Red Hat Enterprise Linux version 5 and 6. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "acknowledgement": "This issue was discovered by Eric Blake (Red Hat Inc.).",
        "upstream_fix": "libvirt 6.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20485\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20485"
        ],
        "name": "CVE-2019-20485",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.",
            "A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support."
        ],
        "statement": "TLS server applications using OpenSSL versions in Red Hat Enterprise Linux 6 and 7 are only affected if they enable OCSP stapling support. Applications not enabling OCSP stapling support are not affected. Few applications implement OCSP stapling support and typically do not enable it by default.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter.",
        "upstream_fix": "openssl 1.0.2i, openssl 1.1.0a, openssl 1.0.1u",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6304\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6304\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-6304",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-10-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-822",
        "details": [
            "The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.",
            "A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility."
        ],
        "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "binutils 2.25",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8485\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8485"
        ],
        "name": "CVE-2014-8485",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-01-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2.",
            "A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash."
        ],
        "statement": "This issue affects version 219-62 of systemd as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3815"
        ],
        "name": "CVE-2019-3815",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "statement": "In general, this flaw be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brandon Wieser as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9790\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9790\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9790"
        ],
        "name": "CVE-2019-9790",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.",
            "A flaw was found in gupnp. DNS rebinding can occur when a victim's browser is used by a remote web server to trigger actions against local UPnP services including data exfiltration, data tempering, and other exploits. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "gupnp 1.2.5, gupnp 1.0.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-33516\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33516\nhttps://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536\nhttps://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9.\nhttps://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac\nhttps://gitlab.gnome.org/GNOME/gupnp/-/issues/24"
        ],
        "name": "CVE-2021-33516",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA malicious devtools extension could have been used to escalate privileges."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Rob Wu as the original reporter.",
        "upstream_fix": "firefox 115.7, thunderbird 115.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-0751\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-02/#CVE-2024-0751\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-04/#CVE-2024-0751"
        ],
        "name": "CVE-2024-0751",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"server signing = mandatory\" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream.",
            "It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.4.1, samba 4.3.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2114\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2114\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2114",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-11-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMemory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla Developers as the original reporter.",
        "upstream_fix": "firefox 115.5, thunderbird 115.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-6212\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-6212\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6212\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6212"
        ],
        "name": "CVE-2023-6212",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5432\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5432\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5432"
        ],
        "name": "CVE-2017-5432",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.",
            "A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution.\nThe flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG 2.x. This issue has been rated as having Moderate security impact. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Eyal Itkin for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8633\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8633"
        ],
        "name": "CVE-2016-8633",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-01-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
            "A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        ],
        "statement": "Dnsmasq may be run by libvirt and/or NetworkManager. libvirt uses dnsmasq by default to provide DNS service to its guests. NetworkManager may be configured to use dnsmasq to provide DNS service to the system, if a line `dns=dnsmasq` is present in the `[main]` section of the configuration file /etc/NetworkManager/NetworkManager.conf.\nIn Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV), the dnsmasq package is provided by the underlying Red Hat Enterprise Linux (RHEL) product. RHOSP and RHV are therefore indirectly affected, so please ensure that the underlying RHEL dnsmasq package is updated.",
        "acknowledgement": "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.",
        "upstream_fix": "dnsmasq 2.83",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25684\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25684\nhttps://www.jsof-tech.com/disclosures/dnspooq/"
        ],
        "csaw": true,
        "name": "CVE-2020-25684",
        "mitigation": {
            "value": "The impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default).\nWhen using Red Hat Enterprise Linux 8.3 with libvirt through a virt:rhel module, use `virsh net-edit <network-name>` and reference https://libvirt.org/formatnetwork.html#elementsNamespaces to add the suggested option `cache-size=0`. \nThere is no way to customize the dnsmasq configuration generated by libvirt, when using versions of Red Hat Enterprise Linux prior to version 8.3. If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.\nIn all cases, by disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "As specified in the W3C Content Security Policy draft, when creating a violation report, \"User agents need to ensure that the source file is the URL requested by the page, pre-redirects. If that’s not possible, user agents need to strip the URL down to an origin to avoid unintentional leakage.\" Under certain types of redirects, Firefox incorrectly set the source file to be the destination of the redirects. This was fixed to be the redirect destination's origin. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.",
        "upstream_fix": "thunderbird 78.8, firefox 78.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23969\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23969\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23969"
        ],
        "name": "CVE-2021-23969",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.",
            "A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "In Red Hat Enterprise Linux 8, Red Hat Certificate System 10 and Identity Management are using the pki-servlet-engine component, which embeds a vulnerable version of Tomcat. However, in these specific contexts, the prerequisites to the vulnerability are not met. The PersistenceManager is not set, and a SecurityManager is used. The use of pki-servlet-engine outside of these contexts is not supported. As a result, the vulnerability cannot be triggered in supported configurations of these products. A future update may update Tomcat in pki-servlet-engine.\nRed Hat Satellite does not ship Tomcat and rather uses its configuration. The product is not affected because the configuration does not make use of PersistenceManager or FileStore. Tomcat updates can be obtained from Red Hat Enterprise Linux (RHEL) RHSA.",
        "upstream_fix": "tomcat 7.0.104, tomcat 8.5.55, tomcat 9.0.35, tomcat 10.0.0-M5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-9484\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-9484\nhttp://mail-archives.apache.org/mod_mbox/tomcat-announce/202005.mbox/%3Ce3a0a517-bf82-ba62-0af6-24b83ea0e4e2%40apache.org%3E\nhttp://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.0.0-M5\nhttp://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.104\nhttp://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.55\nhttp://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.35"
        ],
        "name": "CVE-2020-9484",
        "mitigation": {
            "value": "Users may configure the PersistenceManager with an appropriate value for sessionAttributeValueClassNameFilter to ensure that only application provided attributes are serialized and deserialized.  For more details about the configuration, refer to the Apache Tomcat 9 Configuration Reference https://tomcat.apache.org/tomcat-9.0-doc/config/manager.html.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message.",
            "A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled."
        ],
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper (the OpenSSL development team) and Sean Burford (Google) as the original reporters.",
        "upstream_fix": "openssl 1.0.2a, openssl 1.0.0r, openssl 1.0.1m, openssl 0.9.8zf",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0293\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0293\nhttps://access.redhat.com/articles/1384453\nhttps://openssl.org/news/secadv_20150319.txt"
        ],
        "name": "CVE-2015-0293",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-10-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-401",
        "details": [
            "During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nDuring garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges anbu as the original reporter.",
        "upstream_fix": "firefox 115.4, thunderbird 115.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-5728\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5728\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5728"
        ],
        "name": "CVE-2023-5728",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-31T08:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repetitively, resulting in memory exhaustion of the glusterfs server node.",
            "A flaw was found in glusterfs server which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for a single inode by using setxattr repetitively, resulting in memory exhaustion of the glusterfs server node."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14660\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14660"
        ],
        "name": "CVE-2018-14660",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-02-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",
            "A newline injection flaw was discovered in the FTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate FTP connections established by a Java application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3533\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3533\nhttp://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA"
        ],
        "name": "CVE-2017-3533",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-77",
        "details": [
            "LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session.",
            "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8, therefore this flaw has been rated as having moderate impact for Red Hat Enterprise Linux 8.",
        "upstream_fix": "libX11 1.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-31535\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-31535\nhttps://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/\nhttps://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt"
        ],
        "name": "CVE-2021-31535",
        "mitigation": {
            "value": "xterm should not be used to display less trusted data, e.g. from SSH connections to less trusted remote machines.\nTo avoid attacks via .Xdefaults on kiosk type machines, where the graphical user has no permission to execute arbitrary operating system commands or sometimes not even to send hardware keyboard keystrokes, the .Xdefaults must not be modifiable by the user.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.",
            "A vulnerability was found in the Linux kernel. The Zr364xx USB device driver is susceptible to malicious USB devices. An attacker able to add a specific USB device could cause a crash leading to a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15217\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15217"
        ],
        "name": "CVE-2019-15217",
        "mitigation": {
            "value": "To mitigate this issue, prevent module zr364xx from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.",
            "A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto()."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and is planned to be addressed in future updates.\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue doesn't affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-8399\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8399"
        ],
        "name": "CVE-2016-8399",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.",
            "A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function."
        ],
        "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and may be addressed in a future update.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7117\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7117"
        ],
        "name": "CVE-2016-7117",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "draft"
        },
        "cwe": "CWE-88",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.",
            "A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the \"--command\" argument of \"flatpak run\" expects being given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to pass bwrap arguments to \"--command=\" instead, such as \"--bind\". It is possible to pass an arbitrary \"commandline\" to the portal interface \"org.freedesktop.portal.Background.RequestBackground\" within the Flatpak app. This is normally safe because it can only specify a command that exists inside the sandbox. When a crafted \"commandline\" is converted into a \"--command\" and arguments, the app could achieve the same effect of passing arguments directly to bwrap to achieve sandbox escape."
        ],
        "statement": "This vulnerability poses an important security risk due to its potential for sandbox escape within Flatpak environments. Exploiting this vulnerability allows a malicious Flatpak application to execute arbitrary code outside of its designated sandbox, effectively bypassing the security measures intended to restrict its system access. By manipulating the --command argument and the org.freedesktop.portal.Background.RequestBackground portal interface, an attacker can craft commands that are misinterpreted as bwrap options, leading to unauthorized execution of commands with elevated privileges. This could result in unauthorized data access, system compromise, and potentially enable further exploitation of the host system.",
        "upstream_fix": "flatpak 1.15.8, flatpak 1.10.9, flatpak 1.12.9, flatpak 1.14.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-32462\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-32462"
        ],
        "name": "CVE-2024-32462",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-11-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.",
            "A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9447\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9447\nhttps://scarybeastsecurity.blogspot.cz/2016/11/0day-exploit-compromising-linux-desktop.html"
        ],
        "name": "CVE-2016-9447",
        "mitigation": {
            "value": "sudo rm /usr/lib*/gstreamer-0.10/libgstnsf.so\nPlease note that this mitigation deletes the vulnerable NSF codec file, which removes the functionality to play Nintendo NSF music files.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "When processing a message that contains multiple S/MIME signatures, a bug in the MIME processing code caused a null pointer dereference, leading to an unexploitable crash. This vulnerability affects Thunderbird < 68.5."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Stephan Lauffer as the original reporter.",
        "upstream_fix": "thunderbird 68.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-6795\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-6795\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795"
        ],
        "name": "CVE-2020-6795",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-09-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.",
            "A flaw was found in squid. Due to improper validation while parsing the request URI, squid is vulnerable to HTTP request smuggling. This issue could allow a trusted client to perform an HTTP request smuggling attack and access services otherwise forbidden by squid. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This flaw is not tied to a specific proxy type (e.g., forward or reverse) and has been rated as having a security impact of Important. This flaw affects the versions of Squid as shipped with Red Hat Enterprise Linux 7 and 8, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Extended Life Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "squid 5.0.5, squid 4.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25097\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25097\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
        ],
        "name": "CVE-2020-25097",
        "mitigation": {
            "value": "This flaw can be mitigated by setting the `uri_whitespace` directive in squid.conf to either: \n```\nuri_whitespace deny\n```\nor\n```\nuri_whitespace encode\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.",
            "A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bas Venis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4498\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4498\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-95.html"
        ],
        "name": "CVE-2015-4498",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-16T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",
            "A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape."
        ],
        "statement": "The nested virtualization feature is not enabled by default up to Red Hat Enterprise Linux 8.4. Most importantly, Red Hat currently provides nested virtualization only as a Technology Preview, and is therefore unsupported for production use. For additional details please see https://access.redhat.com/solutions/21101 and https://access.redhat.com/support/offerings/techpreview.",
        "acknowledgement": "This issue was discovered by Maxim Levitsky (Red Hat).",
        "upstream_fix": "kernel 5.14-rc7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3653\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3653\nhttps://www.openwall.com/lists/oss-security/2021/08/16/1"
        ],
        "name": "CVE-2021-3653",
        "mitigation": {
            "value": "This vulnerability can be mitigated by disabling the nested virtualization feature:\n```\n# modprobe -r kvm_amd\n# modprobe kvm_amd nested=0\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be \"jumped\" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).",
            "A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult."
        ],
        "statement": "This is a kernel-side mitigation. For a related glibc mitigation please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000366 .",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000364\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000364\nhttps://access.redhat.com/security/vulnerabilities/stackguard\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
        ],
        "csaw": true,
        "name": "CVE-2017-1000364"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3550\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3550\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3550",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 4.1.4, glusterfs 3.12.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10929\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10929"
        ],
        "name": "CVE-2018-10929",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-06-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nSession history navigations may have led to a use-after-free and potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Ebert as the original reporter.",
        "upstream_fix": "thunderbird 91.11, thunderbird 102, firefox 91.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-34470\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34470\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34470\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34470"
        ],
        "name": "CVE-2022-34470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-04-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-789",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).",
            "A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.\nNote: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-21085\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21085\nhttps://www.oracle.com/security-alerts/cpuapr2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-21085",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts).",
            "It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5552\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5552"
        ],
        "name": "CVE-2016-5552",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "WebKitGTK and WPE WebKit prior to version 2.24.1 are vulnerable to address bar spoofing upon certain JavaScript redirections. An attacker could cause malicious web content to be displayed as if for a trusted URI. This is similar to the CVE-2018-8383 issue in Microsoft Edge."
        ],
        "upstream_fix": "webkitgtk 2.24.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6251\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6251"
        ],
        "name": "CVE-2019-6251",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-456",
        "details": [
            "Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function.",
            "The use of uninitialized memory related to \"graphite2::GlyphCache::Loader::read_glyph\" has been reported in graphite2. An attacker could possibly exploit this flaw to negatively impact the execution of an application using graphite2 in unknown ways."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7777\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7777\nhttps://sourceforge.net/p/silgraphite/mailman/message/35824024/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7777",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-07-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-285",
        "details": [
            "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.",
            "It was found that Polkit's CheckAuthorization and RegisterAuthenticationAgent D-Bus calls did not validate the client provided UID. A specially crafted program could use this flaw to submit arbitrary UIDs, triggering various denial of service or minor disclosures, such as which authentication is cached in the victim's session."
        ],
        "upstream_fix": "polkit 0.116",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1116\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1116"
        ],
        "name": "CVE-2018-1116",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-07-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.",
            "A vulnerability was found in the Linux kernel’s CX24116 tv-card driver, where an out of bounds read occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. An attacker could use this flaw to leak kernel private information to userspace."
        ],
        "statement": "This flaw requires a Conexant CX24116 series TV-media card to be in the system for this driver to load.  This flaw is when an attacker attempts to use the card to communicate with a satellite tv control subsystem ( via Digital Satellite Equipment Control command) by issuing a specially crafted ioctl to the device.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-9289\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-9289"
        ],
        "name": "CVE-2015-9289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability this could have been used for an out of bounds memory read. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was used. In conjunction with another vulnerability, this could have been used for an out-of-bounds memory read."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28285\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28285"
        ],
        "name": "CVE-2022-28285",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.",
            "A flaw was found in the samba client where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Michael Hanselmann as the original reporter.",
        "upstream_fix": "samba 4.11.2, samba 4.10.10, samba 4.9.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10218\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10218\nhttps://www.samba.org/samba/security/CVE-2019-10218.html"
        ],
        "name": "CVE-2019-10218",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-449",
        "details": [
            "If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kai Engert as the original reporter.",
        "upstream_fix": "thunderbird 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0616\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0616\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616"
        ],
        "name": "CVE-2023-0616",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-158",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21937\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21937"
        ],
        "name": "CVE-2023-21937",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-601",
        "details": [
            "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.",
            "A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL."
        ],
        "statement": "This issue only affects httpd versions between 2.4.0 and 2.4.41. Therefore Red Hat Enterprise Linux 5 and 6 are not affected by this flaw.",
        "upstream_fix": "httpd 2.4.42",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-1927\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1927\nhttps://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2020-1927",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-295",
        "details": [
            "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-11712\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-11712"
        ],
        "name": "CVE-2018-11712",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-191->CWE-787",
        "details": [
            "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system."
        ],
        "upstream_fix": "kernel 6.6-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-42753\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42753\nhttps://seclists.org/oss-sec/2023/q3/216"
        ],
        "name": "CVE-2023-42753",
        "mitigation": {
            "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).  Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and  20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-22049\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22049"
        ],
        "name": "CVE-2023-22049",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.",
            "An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This issue was rated as having Moderate impact because of the need of physical access or administrator privileges to trigger it.",
        "upstream_fix": "kernel 5.4.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-20636\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20636"
        ],
        "name": "CVE-2019-20636",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.",
            "A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to a data corruption issue. An attacker could potentially cause data integrity issues by sending specially crafted messages."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "thunderbird 102.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39236\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39236\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-43/#CVE-2022-39236"
        ],
        "name": "CVE-2022-39236",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-532",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).",
            "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20945\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20945\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20945",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-01-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.",
            "A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service."
        ],
        "upstream_fix": "tigervnc 1.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5581\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5581"
        ],
        "name": "CVE-2017-5581",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-02-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.",
            "An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL upstream for reporting this issue. Upstream acknowledges Greg Stark and Tom Lane as the original reporters.",
        "upstream_fix": "postgresql 9.1.20, postgresql 9.3.11, postgresql 9.4.6, postgresql 9.2.15, postgresql 9.5.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0773\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0773"
        ],
        "name": "CVE-2016-0773",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-12-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in xorg-x11-server. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The Xorg server in Red Hat Enterprise Linux 8 does not run with root privileges, thus this flaw has been rated as having a moderate impact on that platform.",
        "acknowledgement": "Red Hat would like to thank Jan-Niklas Sohn (Trend Micro Zero Day Initiative) for reporting this issue.",
        "upstream_fix": "xorg-x11-server 1.20.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-25712\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25712\nhttps://lists.x.org/archives/xorg-announce/2020-December/003066.html"
        ],
        "name": "CVE-2020-25712",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-06-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.",
            "A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash)."
        ],
        "acknowledgement": "Red Hat would like to thank Javantea for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3204\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3204\nhttps://libreswan.org/security/CVE-2015-3204/CVE-2015-3204-libreswan.patch\nhttps://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt"
        ],
        "name": "CVE-2015-3204",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: network card firmware assertion takes the card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.",
            "Improper validation in the bnx2x network card driver of the Linux kernel version 4.15 can allow for denial of service (DoS) attacks via a packet with a gso_size larger than ~9700 bytes. Untrusted guest VMs can exploit this vulnerability in the host machine, causing a crash in the network card."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as supported configurations are not affected.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000026\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000026"
        ],
        "name": "CVE-2018-1000026",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "If a page is loaded from an original site through a hyperlink and contains a redirect to a \"data:text/html\" URL, triggering a reload will run the reloaded \"data:text/html\" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Takeshi Terada as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5466\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5466\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5466"
        ],
        "name": "CVE-2017-5466",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).",
            "It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-2599\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-2599"
        ],
        "name": "CVE-2018-2599",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-06-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developers and community as the original reporter.",
        "upstream_fix": "thunderbird 102.12, firefox 102.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-34416\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416"
        ],
        "name": "CVE-2023-34416",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.",
            "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application."
        ],
        "acknowledgement": "Red Hat would like to thank Gustavo Grieco for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0718\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0718"
        ],
        "name": "CVE-2016-0718",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
            "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution."
        ],
        "statement": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
        "upstream_fix": "tomcat 7.0.82, tomcat 8.0.47, tomcat 8.5.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12617\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12617\nhttps://tomcat.apache.org/security-7.html\nhttps://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2017-12617",
        "mitigation": {
            "value": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\nBlock HTTP methods that permit resource modification for untrusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-08-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-444",
        "details": [
            "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.",
            "A flaw was found in squid. Due to incorrect data validation, an HTTP Request Splitting attack against HTTP and HTTPS traffic is possible leading to cache poisoning. The highest threat from this vulnerability is to data confidentiality and integrity."
        ],
        "upstream_fix": "squid 4.13, squid 5.0.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15811\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15811"
        ],
        "name": "CVE-2020-15811",
        "mitigation": {
            "value": "Disable the relaxed HTTP parser in `squid.conf`:\n```\nrelaxed_header_parser off\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.",
            "A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet."
        ],
        "acknowledgement": "Red Hat would like to thank Internet Systems Consortium for reporting this issue. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter.",
        "upstream_fix": "bind 9.10.5-P2, bind 9.9.10-P2, bind 9.11.1-P2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3142\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3142\nhttps://kb.isc.org/article/AA-01504"
        ],
        "name": "CVE-2017-3142",
        "mitigation": {
            "value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in parallel. For information on how to configure this type of compound authentication control, please see:\nhttps://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17041\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17041"
        ],
        "name": "CVE-2019-17041",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-04-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8896\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8896"
        ],
        "name": "CVE-2015-8896",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-02-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "An issue was discovered in Exiv2 0.27. There is infinite recursion at Exiv2::Image::printTiffStructure in the file image.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact."
        ],
        "upstream_fix": "exiv2 0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9143\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9143"
        ],
        "name": "CVE-2019-9143",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16418\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16418\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16418",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8689\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8689\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8689",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3214\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3214"
        ],
        "name": "CVE-2018-3214",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "9.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.",
            "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7913\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7913"
        ],
        "name": "CVE-2016-7913",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2734\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2734\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-66.html"
        ],
        "name": "CVE-2015-2734",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-03-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-444",
        "details": [
            "In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.",
            "A flaw was found in python-twisted-web, where it does not correctly process HTTP requests with both Content-Length and Transfer-Encoding headers. When the requests sent from and to the python-twisted-web are processed by another component that correctly processes HTTP requests, for example, a proxy, back-end, or web application firewall, a remote attacker can use this flaw to perform an HTTP request smuggling attack. This flaw impacts the system differently based on the type of application and the infrastructure."
        ],
        "statement": "Although Red Hat OpenStack Platform packages the flawed code, python-twisted's web.HTTP functionality is not used in the RHOSP environment. For this reason, the RHOSP impact has been lowered to moderate and no update will be provided at this time for the RHOSP python-twisted package.\nOpenShift Container Platform 4.3 and later includes `python-twisted` as a dependency of `python-prometheus_client` in Ironic container images, however the affected code is not used.\nRed Hat Satellite uses affected versions of the `python-twisted` and `python-twisted-web` modules in Pulp; however, it is not vulnerable since the `http` module of the web implementation is not exposed in the product. Red Hat Satellite may update `python-twisted` and `python-twisted-web` in the future.\nThis issue affects the version of python-twisted (embedded in calamari-server) shipped with Red Hat Ceph Storage 2. However, calamari is no longer supported, hence the embedded python-twisted package will not be fixed.",
        "upstream_fix": "twisted 20.3.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10109\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10109\nhttps://github.com/twisted/twisted/blob/twisted-20.3.0/NEWS.rst"
        ],
        "name": "CVE-2020-10109",
        "mitigation": {
            "value": "When python-twisted-web is used as the back-end of your infrastructure, you can partially mitigate the problem by ensuring that each request on the front-end component (e.g. proxy) is sent over a separate network connection to the python-twisted-web server. This will prevent interference between different users, but it will not prevent all possible attacks that can be performed, which would vary based on the infrastructure and application in use.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-27T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.",
            "A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7393\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7393"
        ],
        "name": "CVE-2017-7393",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-08-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5."
        ],
        "upstream_fix": "libreoffice 6.2.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9849\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9849\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9849"
        ],
        "name": "CVE-2019-9849",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-06-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",
            "It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, and Red Hat Enterprise MRG 2. Future Linux kernel updates for the respective releases will address this issue.",
        "acknowledgement": "This issue was discovered by Red Hat.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1805"
        ],
        "name": "CVE-2015-1805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-26T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.",
            "It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "This issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7097\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7097"
        ],
        "name": "CVE-2016-7097",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-04-30T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.7",
            "cvss_scoring_vector": "AV:L/AC:L/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.",
            "An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes."
        ],
        "statement": "This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-1739\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-1739"
        ],
        "name": "CVE-2014-1739",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free).",
            "A flaw was found in the Linux Kernel in the ucma_leave_multicast() function in drivers/infiniband/core/ucma.c which allows access to a certain data structure after freeing it in ucma_process_join(). This allows an attacker to cause a use-after-free bug and to induce kernel memory corruption, leading to a system crash or other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "upstream_fix": "kernel 4.18-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-14734\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-14734"
        ],
        "name": "CVE-2018-14734",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4486\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4486\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-89.html"
        ],
        "name": "CVE-2015-4486",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4492\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4492\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-92.html"
        ],
        "name": "CVE-2015-4492",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-10-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files."
        ],
        "upstream_fix": "openssh 7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15906\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15906"
        ],
        "name": "CVE-2017-15906",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dominique Hazaël-Massieux as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1962\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1962\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-25.html"
        ],
        "name": "CVE-2016-1962",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-94->CWE-502",
        "details": [
            "XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.",
            "A flaw was found in XStream. By manipulating the processed input stream, a remote attacker may be able to obtain sufficient rights to execute commands. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\nCodeReady Studio 12 ships a version of xstream that is affected by this flaw as a transitive dependency for the Wise framework plugin. However, the vulnerable code is not called, so this flaw has been marked as Low severity for CodeReady Studio 12.\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
        "upstream_fix": "xstream 1.4.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29505\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29505\nhttps://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc\nhttps://x-stream.github.io/CVE-2021-29505.html"
        ],
        "name": "CVE-2021-29505",
        "mitigation": {
            "value": "Depending on the version of XStream used there are various usage patterns that mitigate this flaw, though we would strongly recommend using the allow list approach if at all possible as there are likely more class combinations the deny list approach may not address.\nAllow list approach\n```java\nXStream xstream = new XStream();\nXStream.setupDefaultSecurity(xstream);\nxstream.allowTypesByWildcard(new String[] {\"com.misc.classname\"});\n```\nDeny list for XStream 1.4.16 (this should also address some previous flaws found in 1.4.7 -> 1.4.15)\n```java\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.Lazy(?:Search)?Enumeration.*\", \"(?:java|sun)\\\\.rmi\\\\..*\" });\n```\nDeny list for XStream 1.4.15\n```java\nxstream.denyTypes(new String[]{ \"sun.awt.datatransfer.DataTransferer$IndexOrderComparator\", \"sun.swing.SwingLazyValue\", \"com.sun.corba.se.impl.activation.ServerTableEntry\", \"com.sun.tools.javac.processing.JavacProcessingEnvironment$NameProcessIterator\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$ServiceNameIterator\", \"javafx\\\\.collections\\\\.ObservableList\\\\$.*\", \".*\\\\.bcel\\\\..*\\\\.util\\\\.ClassLoader\" });\nxstream.denyTypeHierarchy(java.io.InputStream.class );\nxstream.denyTypeHierarchy(java.nio.channels.Channel.class );\nxstream.denyTypeHierarchy(javax.activation.DataSource.class );\nxstream.denyTypeHierarchy(javax.sql.rowset.BaseRowSet.class );\n```\nDeny list for XStream 1.4.13\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\n```\nDeny list for XStream 1.4.7 -> 1.4.12\n```java\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\n```\nDeny list for versions prior to XStream 1.4.7\n```java\nxstream.registerConverter(new Converter() {\npublic boolean canConvert(Class type) {\nreturn type != null && (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class || type == java.lang.Void.class || type == void.class || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || java.lang.reflect.Proxy.isProxyClass(type));\n}\npublic Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\nthrow new ConversionException(\"Unsupported type due to security reasons.\");\n}\npublic void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\nthrow new ConversionException(\"Unsupported type due to security reasons.\");\n}\n}, XStream.PRIORITY_LOW);\n```",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "(CWE-190|CWE-119)",
        "details": [
            "Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4493\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4493\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-83.html"
        ],
        "name": "CVE-2015-4493",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-07-17T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "details": [
            "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
            "A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely."
        ],
        "upstream_fix": "httpd 2.4.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-0231\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0231\nhttp://httpd.apache.org/security/vulnerabilities_24.html"
        ],
        "name": "CVE-2014-0231",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2797\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2797\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2797",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-426",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-3149"
        ],
        "name": "CVE-2018-3149",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-06-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-325",
        "details": [
            "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."
        ],
        "upstream_fix": "openssl 1.0.2p, openssl 1.1.0i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-0732\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-0732\nhttps://www.openssl.org/news/secadv/20180612.txt"
        ],
        "name": "CVE-2018-0732",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-06-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.",
            "A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9775\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9775"
        ],
        "name": "CVE-2017-9775",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-12-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.",
            "An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9585\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9585"
        ],
        "name": "CVE-2014-9585",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2013-03-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.1",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-749",
        "details": [
            "The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.",
            "A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel."
        ],
        "statement": "This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-9644\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9644"
        ],
        "name": "CVE-2014-9644",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-10-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-665",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4805\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.",
            "An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 3.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3948\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3948\nhttp://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
        ],
        "name": "CVE-2016-3948",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",
            "A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system."
        ],
        "statement": "This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this flaw.",
        "acknowledgement": "Red Hat would like to thank Akira Fujita (NEC) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7822\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7822"
        ],
        "name": "CVE-2014-7822",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-01-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "details": [
            "named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.",
            "A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9147\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9147\nhttps://kb.isc.org/article/AA-01440"
        ],
        "name": "CVE-2016-9147",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "The internal feed reader APIs that crossed the sandbox barrier allowed for a sandbox escape and escalation of privilege if combined with another vulnerability that resulted in remote code execution inside the sandboxed process. This vulnerability affects Firefox ESR < 52.1 and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Theriault as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5455\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5455\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5455"
        ],
        "name": "CVE-2017-5455",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-06-29T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hanno Boeck as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8317\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8317"
        ],
        "name": "CVE-2015-8317",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-06-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11."
        ],
        "upstream_fix": "thunderbird 78.11, firefox 78.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29967\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29967"
        ],
        "name": "CVE-2021-29967",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
            "A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10883\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10883"
        ],
        "name": "CVE-2018-10883",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system.",
            "It has been discovered that lftp does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker-controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system."
        ],
        "upstream_fix": "lftp 4.8.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10916\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10916"
        ],
        "name": "CVE-2018-10916",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2017-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-125",
        "details": [
            "In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the \"!= 0x1c\" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.",
            "An integer underflow, leading to heap-based out-of-bound read, was found in the way Exiv2 library prints IPTC Photo Metadata embedded in an image. By persuading a victim to open a crafted image, a remote attacker could crash the application or possibly retrieve a portion of memory."
        ],
        "statement": "This issue did not affect the versions of Exiv2 as shipped with Red Hat Enterprise Linux 6 and 7 as they did not include support for printing IPTC Photo Metadata.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-17724\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-17724"
        ],
        "name": "CVE-2017-17724",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 0.26 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file."
        ],
        "upstream_fix": "exiv 0.27",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4868\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4868"
        ],
        "name": "CVE-2018-4868",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-228",
        "details": [
            "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.",
            "It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response."
        ],
        "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.\nFor additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "upstream_fix": "squid 4.0.7, squid 3.5.15",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2571\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2571\nhttp://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
        ],
        "name": "CVE-2016-2571",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-03-31T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-352",
        "details": [
            "The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.",
            "A flaw was found in the Beacon interface implementation in Firefox. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Christoph Kerschbaumer and Muneaki Nishimura as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0807\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0807\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-37.html"
        ],
        "name": "CVE-2015-0807",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-04-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment."
        ],
        "statement": "This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.",
        "upstream_fix": "openssl 1.0.1h, openssl 1.0.0m",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2010-5298\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-5298\nhttps://www.openssl.org/news/secadv_20140605.txt"
        ],
        "name": "CVE-2010-5298",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1834\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1834"
        ],
        "name": "CVE-2016-1834",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-15T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2962\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2962"
        ],
        "name": "CVE-2019-2962",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges André Bargull as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4478\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4478\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-82.html"
        ],
        "name": "CVE-2015-4478",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-08-27T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Jean-Max Reymond and Ucha Gobejishvili as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4497\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4497\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-94.html"
        ],
        "name": "CVE-2015-4497",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the media elements are freed from memory. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Filipe Gomes as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5396\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5396\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396"
        ],
        "name": "CVE-2017-5396",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-04-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "Ribose RNP before 0.16.3 may hang when the input is malformed.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCertain malformed OpenPGP messages could trigger incorrect parsing of PKESK/SKESK packets due to a bug in the Ribose RNP library used by Thunderbird up to version 102.9.1, which would cause the Thunderbird user interface to hang. The issue was discovered using Google's oss-fuzz."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ribose RNP Team as the original reporter.",
        "upstream_fix": "thunderbird 102.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-29479\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29479\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479"
        ],
        "name": "CVE-2023-29479",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-09-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs."
        ],
        "upstream_fix": "opensc 0.19.0-rc1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16426\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16426\nhttps://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
        ],
        "name": "CVE-2018-16426",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18506\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18506\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2018-18506"
        ],
        "name": "CVE-2018-18506",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-06-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Black as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12364\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12364\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-16/#CVE-2018-12364"
        ],
        "name": "CVE-2018-12364",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-09-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
            "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function."
        ],
        "statement": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections passes untrusted data to the ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.",
        "upstream_fix": "httpd 2.4.49",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-39275\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-39275"
        ],
        "name": "CVE-2021-39275",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1173",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21496\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21496"
        ],
        "name": "CVE-2022-21496",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-04T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.",
            "A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-7910\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-7910"
        ],
        "name": "CVE-2016-7910",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-04-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.",
            "A flaw was found in the Linux kernel before 4.16.6, where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory."
        ],
        "upstream_fix": "kernel 4.16.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10940\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10940"
        ],
        "name": "CVE-2018-10940",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-12-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.",
            "A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the socket's sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption."
        ],
        "statement": "This issue does not affect the kernels as shipped with Red Hat Enterprise Linux 5 and 6. This issue does affect kernels 7, MRG-2 and realtime kernels and is planned to be fixed in a future update.",
        "upstream_fix": "kernel 4.9-rc8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-9793\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-9793"
        ],
        "name": "CVE-2016-9793",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-09-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92."
        ],
        "upstream_fix": "thunderbird 78.14, firefox 78.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-38493\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38493"
        ],
        "name": "CVE-2021-38493",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-04-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nThe JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "firefox 115.10, thunderbird 115.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-3857\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3857\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-19/#CVE-2024-3857\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-20/#CVE-2024-3857"
        ],
        "name": "CVE-2024-3857",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to universal cross site scripting."
        ],
        "upstream_fix": "webkitgtk 2.24.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8551\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8551"
        ],
        "name": "CVE-2019-8551",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.",
            "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution."
        ],
        "statement": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.",
        "upstream_fix": "tomcat 7.0.81",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12615\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12615\nhttps://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81"
        ],
        "name": "CVE-2017-12615",
        "mitigation": {
            "value": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\nBlock HTTP methods that permit resource modification for untrusted users.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10107\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10107"
        ],
        "name": "CVE-2017-10107",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.9",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2568\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2568"
        ],
        "name": "CVE-2014-2568",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-73",
        "details": [
            "Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access."
        ],
        "upstream_fix": "qt 5.12.7, qt 5.14.0, qt 5.9.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-0569\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0569"
        ],
        "name": "CVE-2020-0569",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-03-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-125",
        "details": [
            "In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11046\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11046"
        ],
        "name": "CVE-2020-11046",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash.",
            "A null pointer dereference flaw was found in Samba RPC external printer service. An attacker could use this flaw to cause the printer spooler service to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue.",
        "upstream_fix": "samba 4.5.16, samba 4.6.14, samba 4.7.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1050\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1050\nhttps://www.samba.org/samba/security/CVE-2018-1050.html"
        ],
        "name": "CVE-2018-1050",
        "mitigation": {
            "value": "Ensure the parameter:\nrpc_server:spoolss = external\nis not set in the [global] section of your smb.conf.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7205\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7205\nhttps://www.mozilla.org/security/announce/2015/mfsa2015-145.html"
        ],
        "name": "CVE-2015-7205",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13, Safari 13.0.1, iTunes for Windows 12.10.1, iCloud for Windows 10.7, iCloud for Windows 7.14. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8763\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8763\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8763",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2, when certain proxy and forward options are enabled, do not properly maintain connection file descriptors, which allows remote servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by requesting many forwardings.",
            "A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys for reporting this issue.",
        "upstream_fix": "openssh 7.1p2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0778\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0778\nhttp://www.openssh.com/txt/release-7.1p2\nhttps://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt"
        ],
        "name": "CVE-2016-0778",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.",
            "A denial of service flaw was found in the ldb_wildcard_compare() function of libldb. A remote attacker could send a specially crafted packet that, when processed by an application using libldb (for example the AD LDAP server in Samba), would cause that application to consume an excessive amount of memory and crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Thilo Uttendorfer as the original reporter.",
        "upstream_fix": "libldb 1.1.24",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3223\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3223\nhttps://www.samba.org/samba/security/CVE-2015-3223.html"
        ],
        "name": "CVE-2015-3223",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-440",
        "details": [
            "An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.",
            "A flaw was found in the Linux kernel’s implementation of the WiFi station handoff code. An attacker within the radio range could use this flaw to deny a valid device from joining the access point."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5108\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5108"
        ],
        "name": "CVE-2019-5108",
        "mitigation": {
            "value": "At this time there are no known mitigations for this issue other than to install the updated kernel package.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used integrity group key (IGTK) during a Wireless Network Management (WNM) Sleep Mode handshake."
        ],
        "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13088\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13088\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13088",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-1173->CWE-502",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21293\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21293"
        ],
        "name": "CVE-2022-21293",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges worcester12345 as the original reporter.",
        "upstream_fix": "thunderbird 68.10.0, thunderbird 78, firefox 68.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12419\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12419\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419"
        ],
        "name": "CVE-2020-12419",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8815\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8815\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8815",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-270",
        "details": [
            "In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.",
            "It was found that flatpak's D-Bus proxy did not properly filter the access to D-Bus during the authentication protocol. A specially crafted flatpak application could use this flaw to bypass all restrictions imposed by flatpak and have full access to the D-BUS interface."
        ],
        "upstream_fix": "flatpak 0.10.3, flatpak 0.8.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-6560\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6560"
        ],
        "name": "CVE-2018-6560",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "10.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels created after the IPC process is started, leading to the authentication not being correctly applied to later channels. This could allow for a sandbox escape through IPC channels due to lack of message validation in the listener process. This vulnerability affects Thunderbird < 60.5, Firefox ESR < 60.5, and Firefox < 65."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jed Davis as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18505\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18505\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-02/#CVE-2018-18505"
        ],
        "name": "CVE-2018-18505",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-06-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-122",
        "details": [
            "Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.",
            "An integer overflow flaw, leading to a heap-based buffer overflow was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image."
        ],
        "upstream_fix": "gd 2.2.3, php 5.5.37, php 5.6.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5766\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5766"
        ],
        "name": "CVE-2016-5766",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-05-07T15:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "It was found that 389-ds-base did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "acknowledgement": "Red Hat would like to thank Greg Kubok for reporting this issue.",
        "upstream_fix": "389-ds-base 1.3.6.15, 389-ds-base 1.3.8.1, 389-ds-base 1.4.0.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1089\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1089"
        ],
        "name": "CVE-2018-1089",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.",
            "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. This may lead to compromised Integrity."
        ],
        "statement": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
        "upstream_fix": "python 3.11",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-24329\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24329\nhttps://pointernull.com/security/python-url-parse-problem.html"
        ],
        "name": "CVE-2023-24329",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-25T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362->CWE-416",
        "details": [
            "An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free.",
            "A flaw was found in the Linux kernel’s implementation of the SAS expander subsystem, where a race condition exists in the smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. An attacker could abuse this flaw to corrupt memory and escalate privileges."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20836\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20836"
        ],
        "name": "CVE-2018-20836",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-08-11T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.2",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-266",
        "details": [
            "The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.",
            "A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users."
        ],
        "upstream_fix": "openssh 7.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-6563\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6563\nhttp://www.openssh.com/txt/release-7.0"
        ],
        "name": "CVE-2015-6563",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-369",
        "details": [
            "In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.",
            "It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service."
        ],
        "upstream_fix": "kernel-3.10.0 543.el7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10741\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10741"
        ],
        "name": "CVE-2016-10741",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.",
            "A use-after-free vulnerability was found in fw_set_parms in net/sched/cls_fw.c in network scheduler sub-component in the Linux Kernel. This issue occurs due to a missing sanity check during cleanup at the time of failure, leading to a misleading reference. This may allow a local attacker to gain local privilege escalation."
        ],
        "upstream_fix": "Kernel 6.5-rc2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-3776\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3776\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f"
        ],
        "name": "CVE-2023-3776",
        "mitigation": {
            "value": "To mitigate this issue, prevent module cls_fw from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "This flaw is rated as having Moderate impact, because only a local user with access to the VGA console can trigger it (for example if booting with param \"nomodeset\").",
        "acknowledgement": "Red Hat would like to thank Yunhai Zhang (NSFOCUS Security Team) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14331\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14331"
        ],
        "name": "CVE-2020-14331",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5091\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5091\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091"
        ],
        "name": "CVE-2018-5091",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2018-09-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 62, Firefox ESR < 60.2, and Thunderbird < 60.2.1."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Gaynor, Bogdan Tara, Boris Zbarsky, Christian Holler, Christoph Diehl, Jason Kratzer, Jed Davis, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12376\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12376\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2018-12376"
        ],
        "name": "CVE-2018-12376",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-07T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
            "A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer (hrtimer) runs when an L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. The use-after-free occurs if the timer object is freed before calling sync_vmcs12() routine. A guest user/process could use this flaw to crash the host kernel resulting in a denial of service or, potentially, gain privileged access to a system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 7. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.\nNote: Impact on Red Hat Enterprise Linux 7 kernel is limited, as it requires that nested virtualization feature is enabled on a system. Nested Virtualization feature is available only as - Technology Preview.",
        "acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7221\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7221"
        ],
        "name": "CVE-2019-7221",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-02-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Hafiizh as the original reporter.",
        "upstream_fix": "firefox 115.8, thunderbird 115.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-1549\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-1549\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-06/#CVE-2024-1549\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-07/#CVE-2024-1549"
        ],
        "name": "CVE-2024-1549",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1."
        ],
        "upstream_fix": "libreoffice 6.3.1, libreoffice 6.2.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9854\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9854\nhttps://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/"
        ],
        "name": "CVE-2019-9854",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result in remote code execution. This attack appears to be exploitable via network connectivity."
        ],
        "upstream_fix": "tigervnc 1.10.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-15692\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15692"
        ],
        "name": "CVE-2019-15692",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-04-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-185->CWE-400",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-2830\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-2830"
        ],
        "name": "CVE-2020-2830",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka \"BADLOCK.\"",
            "A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.3.7, samba 4.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2118\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2118\nhttp://badlock.org/\nhttps://access.redhat.com/articles/2243351\nhttps://access.redhat.com/articles/2253041"
        ],
        "csaw": true,
        "name": "CVE-2016-2118"
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-07-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\nWhen u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free.\nWe recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.",
            "There are 3 CVEs for the use-after-free flaw found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. \nA local user could use any of these flaws to crash the system or potentially escalate their privileges on the system.\nSimilar CVE-2023-4128 was rejected as a duplicate."
        ],
        "upstream_fix": "Kernel 6.5-rc5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4208\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4208\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=76e42ae831991c828cffa8c37736ebfb831ad5ec\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8\nhttps://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/"
        ],
        "name": "CVE-2023-4208",
        "mitigation": {
            "value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
            "A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
        ],
        "upstream_fix": "389-ds-base 1.3.7.9, 389-ds-base 1.3.6.13, 389-ds-base 1.4.0.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15134\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15134"
        ],
        "name": "CVE-2017-15134",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-02-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).",
            "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack."
        ],
        "statement": "This is a null pointer dereference in the X509_issuer_and_serial_hash() function, which can result in a crash if called by an application compiled with OpenSSL, by passing a specially-crafted certificate. OpenSSL internally does not use this function.",
        "upstream_fix": "openssl 1.1.1j, openssl 1.0.2y",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23841\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23841\nhttps://www.openssl.org/news/secadv/20210216.txt"
        ],
        "name": "CVE-2021-23841",
        "mitigation": {
            "value": "As per upstream \"The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.\"",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges the UK Communications Electronics Security Group of the GCHQ as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1966\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1966\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-31.html"
        ],
        "name": "CVE-2016-1966",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-03-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:P/A:C",
            "status": "verified"
        },
        "details": [
            "The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows local users to cause a denial of service (memory corruption or system crash) by accessing certain memory locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage migration, related to fs/proc/task_mmu.c and mm/mempolicy.c.",
            "A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages."
        ],
        "statement": "This issue did not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3940\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3940"
        ],
        "name": "CVE-2014-3940",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-908",
        "details": [
            "Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91."
        ],
        "upstream_fix": "firefox 78.13, thunderbird 78.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29980\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29980"
        ],
        "name": "CVE-2021-29980",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-667",
        "details": [
            "The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.",
            "A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there."
        ],
        "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.  This issue does affect the kernels shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels and plans to be addressed in a future update.",
        "acknowledgement": "Red Hat would like to thank Dmitry Vyukov (Google engineering) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8539\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8539\nhttps://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd"
        ],
        "name": "CVE-2015-8539",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-276",
        "details": [
            "Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target (and for the backup directory and backup files).",
            "An access flaw was found in targetcli, where the `/etc/target` and underneath backup directory/files were world-readable. This flaw allows a local attacker to access potentially sensitive information such as authentication credentials from the /etc/target/saveconfig.json and backup files. The highest threat from this vulnerability is to confidentiality."
        ],
        "statement": "The version of targetcli shipped with Red Hat Ceph Storage 3 sets the world-readable permissions for `/etc/target` and `/etc/target/backup` directory that store the sensitive information, hence affected by this vulnerability.",
        "upstream_fix": "targetcli-fb 2.1.53",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-13867\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13867"
        ],
        "name": "CVE-2020-13867",
        "mitigation": {
            "value": "$ chmod -R og-rwx /etc/target\nFuture backup files will still be created with incorrect permissions, but attackers will not be able to access the target directory.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-09-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.9",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple \"keyctl newring\" operations followed by a \"keyctl timeout\" operation.",
            "A flaw was found in the way the Linux kernel's keys subsystem handled the termination condition in the associative array garbage collection functionality. A local, unprivileged user could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 7 may address this issue.",
        "acknowledgement": "Red Hat would like to thank Frey Alfredsson for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3631\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3631"
        ],
        "name": "CVE-2014-3631",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "upstream_fix": "graphite2 1.3.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7778\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7778\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778"
        ],
        "name": "CVE-2017-7778",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-12-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nA use-after-free in WebGL extensions could have led to a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan as the original reporter.",
        "upstream_fix": "thunderbird 102.6, firefox 102.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-46882\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46882\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882"
        ],
        "name": "CVE-2022-46882",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.",
            "An implementation error related to the memory management of request and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could possibly use this flaw to leak certain memory buffer contents from a past request or session."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3281\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3281"
        ],
        "name": "CVE-2015-3281",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-01-03T22:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-226->CWE-385->CWE-200",
        "details": [
            "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
            "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks."
        ],
        "statement": "Please see the Vulnerability Response article for the full list of updates available and a detailed discussion of this issue.",
        "acknowledgement": "Red Hat would like to thank Google Project Zero for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5715\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5715\nhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html\nhttps://meltdownattack.com\nhttps://spectreattack.com/"
        ],
        "csaw": true,
        "name": "CVE-2017-5715"
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-08-28T10:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.0",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "There is a heap-based buffer overflow in the Marvell WiFi chip driver in the Linux kernel, in all versions up to, but excluding, 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.",
            "A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. While the driver parses vendor-specific informational attributes, an attacker on the same WiFi physical network segment could cause a system crash, resulting in a denial of service, or potentially execute arbitrary code. This flaw affects the network interface at the most basic level, meaning the attacker only needs to affiliate with the same network device as the vulnerable system to create an attack path."
        ],
        "acknowledgement": "Red Hat would like to thank Huangwen (ADLab of Venustech) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-14816\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14816\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a"
        ],
        "name": "CVE-2019-14816",
        "mitigation": {
            "value": "At this time there is no mitigation for the flaw. If you are able to disable wireless and your system is still able to work, this will be a temporary mitigation until a kernel update is available for installation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-02-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page."
        ],
        "upstream_fix": "thunderbird 60.5.1, firefox ESR 60.5.1, firefox 65.0.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5785\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5785"
        ],
        "name": "CVE-2019-5785",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10108\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10108"
        ],
        "name": "CVE-2017-10108",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-06-18T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:P/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.",
            "An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system."
        ],
        "statement": "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-4656\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4656"
        ],
        "name": "CVE-2014-4656",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.",
            "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image."
        ],
        "acknowledgement": "Red Hat would like to thank Wen Xu for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1094\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1094"
        ],
        "name": "CVE-2018-1094",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.",
            "A flaw was found in the Linux kernel's ext4_unlink function. An attacker could corrupt memory or escalate privileges when deleting a file from a recently unmounted specially crafted ext4 filesystem, including local, USB, and iSCSI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19447\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19447\nhttps://bugzilla.kernel.org/show_bug.cgi?id=205433\nhttps://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19447"
        ],
        "name": "CVE-2019-19447",
        "mitigation": {
            "value": "Ext4 filesystems are built into the kernel so it is not possible to prevent the kernel module from loading. However, this flaw can be prevented by disallowing mounting of untrusted filesystems.\nAs mounting is a privileged operation (except for device hotplug), removing the ability for mounting and unmounting will prevent this flaw from being exploited.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-08-10T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "details": [
            "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.",
            "A vulnerability was discovered in Tomcat where the CORS Filter did not send a \"Vary: Origin\" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches."
        ],
        "upstream_fix": "tomcat 7.0.79, tomcat 8.0.45, tomcat 8.5.16",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7674\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7674\nhttps://tomcat.apache.org/security-7.html\nhttps://tomcat.apache.org/security-8.html"
        ],
        "name": "CVE-2017-7674",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-01-28T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "details": [
            "ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.",
            "A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks."
        ],
        "statement": "This security flaw can only be exploited when a malicious client negotiates SSLv2 ciphers and completes an SSLv2 handshake. This flaw cannot be actively exploited by a Man-In-The-Middle attacker.\nAll versions of OpenSSL shipped with Red Hat Enterprise Linux enable the SSLv2 protocol but disable SSLv2 ciphers by default (in Red Hat Enterprise Linux 6 and later), and are therefore vulnerable to this flaw. Red Hat Product Security has rated this issue as having Low security impact; a future update may address this flaw.\nSSLv2 suffers from a number of security flaws allowing attackers to capture and alter information passed between a client and the server. Therefore, we strongly recommend that SSLv2 be disabled on all SSL/TLS servers.",
        "acknowledgement": "Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original reporters.",
        "upstream_fix": "openssl 1.0.1r, openssl 1.0.2f",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-3197\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-3197\nhttps://www.openssl.org/news/secadv/20160128.txt"
        ],
        "name": "CVE-2015-3197",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22756\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22756\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756"
        ],
        "name": "CVE-2022-22756",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-11-06T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "An issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating a filename of an embedded file before constructing a save path."
        ],
        "statement": "This issue affects the versions of poppler as shipped with Red Hat Enterprise Linux 7.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-19060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-19060"
        ],
        "name": "CVE-2018-19060",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-190->CWE-121",
        "details": [
            "Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow."
        ],
        "statement": "This issue does not affect the version of rpm package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8118\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8118"
        ],
        "name": "CVE-2014-8118",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "curl 7.20.0 up to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in denial of service, in which curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges the OSS-Fuzz project as the original reporter.",
        "upstream_fix": "curl 7.60.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000301\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000301\nhttps://curl.haxx.se/docs/adv_2018-b138.html"
        ],
        "name": "CVE-2018-1000301",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-07-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90."
        ],
        "upstream_fix": "thunderbird 78.12, firefox 78.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29970\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29970"
        ],
        "name": "CVE-2021-29970",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abdulrahman Alqabandi as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1958\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1958\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-21.html"
        ],
        "name": "CVE-2016-1958",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iCloud for Windows 11.0. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8710\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8710\nhttps://webkitgtk.org/security/WSA-2019-0006.html"
        ],
        "name": "CVE-2019-8710",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-07-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.1",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",
            "A flaw was found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-5366\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5366"
        ],
        "name": "CVE-2015-5366",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-02T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.",
            "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application."
        ],
        "statement": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x.",
        "upstream_fix": "log4j 2.8.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5645\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5645"
        ],
        "name": "CVE-2017-5645",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2018-12-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20662\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20662"
        ],
        "name": "CVE-2018-20662",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-07-19T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21541\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21541"
        ],
        "name": "CVE-2022-21541",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",
            "A use-after-free vulnerability was found in the network namespaces code affecting the Linux kernel since v4.0-rc1 through v4.15-rc5. The function get_net_ns_by_id() does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Kirill Tkhai for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-15129\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15129"
        ],
        "name": "CVE-2017-15129",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-10T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.6",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-377",
        "details": [
            "The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.",
            "It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files."
        ],
        "acknowledgement": "This issue was discovered by Harald Hoyer (Red Hat).",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0267\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0267"
        ],
        "name": "CVE-2015-0267",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-697->CWE-284",
        "details": [
            "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.",
            "A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges."
        ],
        "acknowledgement": "Red Hat would like to thank Jan Rybar (freedesktop.org) for reporting this issue. Upstream acknowledges Jann Horn (Google Project Zero) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-6133\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-6133\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
        ],
        "name": "CVE-2019-6133",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11089\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11089"
        ],
        "name": "CVE-2020-11089",
        "mitigation": {
            "value": "The vulnerability is associated with the use of the command line options: /drive, +multitouch, /parallel, /printer, and /serial. To mitigate this vulnerability, do not use these commands.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-09-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-250",
        "details": [
            "The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors."
        ],
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7176\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7176\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2015-112/"
        ],
        "name": "CVE-2015-7176",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2021-02-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-209",
        "details": [
            "When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andreas Pehrson as the original reporter.",
        "upstream_fix": "thunderbird 78.8, firefox 78.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23973\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23973\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-08/#CVE-2021-23973"
        ],
        "name": "CVE-2021-23973",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-03-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.",
            "A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7394\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7394"
        ],
        "name": "CVE-2017-7394",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-07-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-451",
        "details": [
            "Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.",
        "upstream_fix": "thunderbird 78, firefox 78.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15648\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15648\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648"
        ],
        "name": "CVE-2020-15648",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-10-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-323",
        "details": [
            "Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients.",
            "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used group key (GTK) during a Wireless Network Management (WNM) Sleep Mode handshake."
        ],
        "statement": "This issues affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7.\nThis issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5.",
        "acknowledgement": "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-13087\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13087\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/"
        ],
        "name": "CVE-2017-13087",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
            "A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-10115\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-10115"
        ],
        "name": "CVE-2017-10115",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.",
            "A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4051\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4051\nhttp://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
        ],
        "name": "CVE-2016-4051",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-05-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "7.2",
            "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",
            "A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Philip Pettersson (Samsung) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0758\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0758"
        ],
        "name": "CVE-2016-0758",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "details": [
            "When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3.",
            "A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "upstream_fix": "nss 3.39, nss 3.36.5",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12384\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12384\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.5_release_notes\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes"
        ],
        "name": "CVE-2018-12384",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-09-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.",
            "A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this vulnerability."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-16746\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16746"
        ],
        "name": "CVE-2019-16746",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-11-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
            "A flaw was found in the Linux kernel with files on tmpfs and hugetlbfs. An attacker is able to bypass file permissions on filesystems mounted with tmpfs/hugetlbs to modify a file and possibly disrupt normal system behavior. At this time there is an understanding there is no crash or privilege escalation but the impact of modifications on these filesystems of files in production systems may have adverse affects."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-18397\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-18397"
        ],
        "name": "CVE-2018-18397",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-01-24T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5378\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5378\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378"
        ],
        "name": "CVE-2017-5378",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2628\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2628\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2628",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.",
            "A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query."
        ],
        "statement": "This issue does not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 6 and 7 as they don't use the affected MDB backend in their default configurations. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9287\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9287\nhttp://www.openldap.org/its/?findid=8655"
        ],
        "name": "CVE-2017-9287",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed.",
            "It was discovered that libvirtd would permit readonly clients to use the virDomainManagedSaveDefineXML() API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local attacker could modify this file such that libvirtd would execute an arbitrary program when the domain was resumed."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10166\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10166\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10166",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution."
        ],
        "upstream_fix": "webkitgtk 2.24.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8677\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8677\nhttps://webkitgtk.org/security/WSA-2019-0004.html"
        ],
        "name": "CVE-2019-8677",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-11-06T14:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.0",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
            "A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges.  The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        ],
        "statement": "The Red Hat Enterprise Linux 7.2 and later kernels default to a safe /proc/sys/kernel/perf_event_paranoid setting; local administrators may have reason to change the setting to allow non privileged users to monitor performance statistics.",
        "acknowledgement": "Red Hat would like to thank Ryota Shiga (Flatt Security) and Zero Day Initiative for reporting this issue.",
        "upstream_fix": "kernel 5.8.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-14351\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14351"
        ],
        "name": "CVE-2020-14351",
        "mitigation": {
            "value": "While there is no way to disable the perf subsystem on Linux systems, reducing or removing users access to the perf events can effectively mitigate this flaw. Upstream kernel documentation has been written regarding this mechanism: https://www.kernel.org/doc/html/latest/admin-guide/perf-security.html.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-02-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.4",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.",
            "A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system."
        ],
        "statement": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-2706\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2706"
        ],
        "name": "CVE-2014-2706",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2012-09-25T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-400",
        "details": [
            "The gzip_decode function in the xmlrpc client library in Python 3.4 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP request.",
            "It was discovered that the Python xmlrpclib did not restrict the size of a gzip compressed HTTP responses. A malicious XMLRPC server could cause an XMLRPC client using xmlrpclib to consume an excessive amount of memory."
        ],
        "statement": "This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 5 and 6 as their XMLRPC library did not include support for gzip encoded content.",
        "upstream_fix": "python 3.3.7, python 3.4.3, python 2.7.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2013-1753\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1753"
        ],
        "name": "CVE-2013-1753",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "(CWE-284|CWE-250)",
        "details": [
            "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.",
            "The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs accept an \"emulator\" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.",
        "acknowledgement": "This issue was discovered by Jan Tomko (Red Hat).",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10168\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10168\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10168",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2024-06-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIf a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Lukas Bernhard as the original reporter.",
        "upstream_fix": "firefox 115.12, thunderbird 115.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-5688\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-5688\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-26/#CVE-2024-5688\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2024-28/#CVE-2024-5688"
        ],
        "name": "CVE-2024-5688",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-07-31T13:40:00Z",
        "cvss3": {
            "cvss3_base_score": "8.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-22->CWE-94",
        "details": [
            "It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user.",
            "It was found that icedtea-web did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user."
        ],
        "acknowledgement": "Red Hat would like to thank Imre Rad for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10182\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10182"
        ],
        "name": "CVE-2019-10182",
        "mitigation": {
            "value": "No known mitigation.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "By using a link with <code>rel=\"localization\"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potential exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: By using a link with rel=\"localization,\" a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed pointer, leading to a potentially exploitable crash."
        ],
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28282\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28282"
        ],
        "name": "CVE-2022-28282",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-862",
        "details": [
            "Sites can bypass security checks on permissions to install lightweight themes by manipulating the \"baseURI\" property of the theme element. This could allow a malicious site to install a theme without user interaction which could contain offensive or embarrassing images. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Wladimir Palant as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-5168\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-5168\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168"
        ],
        "name": "CVE-2018-5168",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-08-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2837\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2837\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-77.html"
        ],
        "name": "CVE-2016-2837",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-09-04T05:30:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.",
            "A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume."
        ],
        "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
        "acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.",
        "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10930\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10930"
        ],
        "name": "CVE-2018-10930",
        "mitigation": {
            "value": "To limit exposure of gluster server nodes :  \n1. gluster server should be on LAN and not reachable from public networks.  \n2. Use gluster auth.allow and auth.reject.  \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch",
            "A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "statement": "BIND servers shipped with Red Hat Enterprise Linux are compiled with GSS-TSIG and are therefore affected by this flaw. However, these BIND packages use the default settings and are not vulnerable by default.",
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Trend Micro Zero Day Initiative as the original reporter.",
        "upstream_fix": "bind 9.11.28, bind 9.16.12",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-8625\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8625\nhttps://kb.isc.org/docs/cve-2020-8625"
        ],
        "name": "CVE-2020-8625",
        "mitigation": {
            "value": "As per upstream:\nBIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features.\nIn a configuration which uses BIND's default settings, the vulnerable code path is NOT exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options.\nAlthough the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers.\nThis vulnerability only affects servers configured to use GSS-TSIG,  most often to sign dynamic updates. If another mechanism can be  used to authenticate updates, the vulnerability can be avoided by choosing not to enable the use of GSS-TSIG features.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-09-21T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-119",
        "details": [
            "A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used. This vulnerability affects Thunderbird < 60.2.1, Firefox ESR < 60.2.1, and Firefox < 62.0.2."
        ],
        "statement": "This flaw cannot be exploited through email in Thunderbird as scripting is disabled in this for email content. It may be possible to exploit through Feeds (Atom or RSS) or other browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Philipp as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12385\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12385\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2018-23/#CVE-2018-12385"
        ],
        "name": "CVE-2018-12385",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-11-07T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "details": [
            "kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.",
            "An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 5.\nThis issue does affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for\nthe respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Robert Święcki for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-7825\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-7825"
        ],
        "name": "CVE-2014-7825",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-611",
        "details": [
            "libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue.  NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors.",
            "It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML documents using the libxml2 library, in which case all XML entities in the parsed documents are expanded. A user able to force libvirtd to parse an XML document with an entity pointing to a file could use this flaw to read the contents of that file (limited to libvirt as shipped with Red Hat Enterprise Linux 7); parsing an XML document with an entity pointing to a special file that blocks on read access could cause libvirtd to hang indefinitely, resulting in a denial of service on the system."
        ],
        "statement": "This issue affects the versions of libvirt as shipped with Red Hat Enterprise Linux 5, however the impact is limited to denial of service since it does not support fine grained access control.",
        "acknowledgement": "Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-5177\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-5177\nhttp://security.libvirt.org/2014/0003.html"
        ],
        "name": "CVE-2014-5177",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-02-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.5",
            "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-662->CWE-300",
        "details": [
            "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.",
            "An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed."
        ],
        "acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Stephen Frost as the original reporter.",
        "upstream_fix": "postgresql 9.3.6, postgresql 9.1.15, postgresql 9.0.19, postgresql 9.2.10, postgresql 9.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8161\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8161\nhttp://www.postgresql.org/about/news/1569/"
        ],
        "name": "CVE-2014-8161",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-02-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1021",
        "details": [
            "If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permissions."
        ],
        "upstream_fix": "thunderbird 91.6, firefox 91.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-22754\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-22754"
        ],
        "name": "CVE-2022-22754",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage"
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Max Dymond as the original reporter.",
        "upstream_fix": "curl 7.59.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1000122\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000122\nhttps://curl.haxx.se/docs/adv_2018-b047.html"
        ],
        "name": "CVE-2018-1000122",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors."
        ],
        "statement": "This issue does not affect the version of thunderbird package, as shipped with Red Hat Enterprise Linux 5, 6 and 7.",
        "acknowledgement": "Red Hat would like to thank Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2729\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2729\nhttp://www.mozilla.org/security/announce/2015/mfsa2015-62.html"
        ],
        "name": "CVE-2015-2729",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29917\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29917\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917"
        ],
        "name": "CVE-2022-29917",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font."
        ],
        "upstream_fix": "Firefox ESR 38.6.1, Firefox 45",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1969\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1969\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2016-38/"
        ],
        "name": "CVE-2016-1969",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4053\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4053\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4053",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-10-08T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.",
            "A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the flatpak app has. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
        ],
        "upstream_fix": "flatpak 1.12.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-41133\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41133"
        ],
        "name": "CVE-2021-41133",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-08-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.7",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.",
            "A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-6480\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6480"
        ],
        "name": "CVE-2016-6480",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2024-01-16T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).",
            "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2024-20919\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20919\nhttps://www.oracle.com/security-alerts/cpujan2024.html#AppendixJAVA"
        ],
        "name": "CVE-2024-20919",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-03-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.",
            "The Mozilla Foundation Security Advisory describes this issue as:\nA texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abraruddin Khan and Omair as the original reporter.",
        "upstream_fix": "thunderbird 78.9, firefox 78.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-23981\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23981\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-23981"
        ],
        "name": "CVE-2021-23981",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-10-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
            "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application."
        ],
        "acknowledgement": "Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.",
        "upstream_fix": "curl 7.56.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-1000257\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-1000257\nhttps://curl.haxx.se/docs/adv_20171023.html"
        ],
        "name": "CVE-2017-1000257",
        "mitigation": {
            "value": "Switch off IMAP in `CURLOPT_PROTOCOLS`",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-03T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.",
            "It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to move arbitrary files."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3716\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3716"
        ],
        "name": "CVE-2016-3716",
        "mitigation": {
            "value": "Details can be found under the resolve tab at https://access.redhat.com/security/vulnerabilities/2296071\nRed Hat Enterprise Linux 6 and 7\n================================\nAs a workaround the /etc/ImageMagick/policy.xml file can be edited to disable processing of MVG, HTTPS, HTTP, URL, FTP, EPHEMERAL, MSL, LABEL, TEXT,\nSHOW, WIN and PLT commands within image files, simply add the following lines:\n<policy domain=\"coder\" rights=\"none\" pattern=\"EPHEMERAL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTPS\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"HTTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"URL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"FTP\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MVG\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"MSL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"TEXT\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"LABEL\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"SHOW\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"WIN\" />\n<policy domain=\"coder\" rights=\"none\" pattern=\"PLT\" />\n<policy domain=\"path\" rights=\"none\" pattern=\"@*\" />\nwithin the policy map stanza:\n<policymap>\n...\n</policymap>\nRed Hat Enterprise Linux 5\n==========================\nIn the following folders:\n/usr/lib64/ImageMagick-6.2.8/modules-Q16/coders/ (64bit package)\nor\n/usr/lib/ImageMagick-6.2.8/modules-Q16/coders/ (32bit package)\nRename the following files:\n* mvg.so to mvg.so.bak\n* msl.so to msl.so.bak\n* label.so to label.so.bak",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.",
            "Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid."
        ],
        "upstream_fix": "squid 4.0.9, squid 3.5.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4054\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4054\nhttp://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
        ],
        "name": "CVE-2016-4054",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-07-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-385",
        "details": [
            "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-2818\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2818"
        ],
        "name": "CVE-2019-2818",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-12-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.",
            "A vulnerability was found in X.Org. This issue occurs because the XkbCopyNames function leaves a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This flaw can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions."
        ],
        "statement": "Xorg server does not run with root privileges in Red Hat Enterprise Linux 8 and 9, therefore Red Hat Enterprise Linux 8 and 9 have been rated with Moderate severity.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-4283\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4283"
        ],
        "name": "CVE-2022-4283",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-02-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In Poppler 0.73.0, a heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document, as demonstrated by pdftocairo."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-7310\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7310"
        ],
        "name": "CVE-2019-7310",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-07-11T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.",
            "The xfrm_migrate() function in the net/xfrm/xfrm_policy.c file in the Linux kernel built with CONFIG_XFRM_MIGRATE does not verify if the dir parameter is less than XFRM_POLICY_MAX. This allows a local attacker to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact by sending a XFRM_MSG_MIGRATE netlink message. This flaw is present in the Linux kernel since an introduction of XFRM_MSG_MIGRATE in 2.6.21-rc1, up to 4.13-rc3."
        ],
        "statement": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed or is not exploitable.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for these products may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-11600\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-11600"
        ],
        "name": "CVE-2017-11600",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2018-08-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-665->(CWE-200|CWE-89)",
        "details": [
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.",
            "A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq were used with \"host\" or \"hostaddr\" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction."
        ],
        "statement": "This vulnerability is only exploitable where an attacker can provide or influence connection parameters to a PostgreSQL client application using libpq. Contrib modules \"dblink\" and \"postgres_fdw\" are examples of applications affected by this flaw.\nRed Hat Virtualization includes vulnerable versions of postgresql. However this flaw is not known to be exploitable under any supported configuration of Red Hat Virtualization. A future update may address this issue.\nThis issue affects the versions of the rh-postgresql95-postgresql package as shipped with Red Hat Satellite 5.7 and 5.8. However, this flaw is not known to be exploitable under any supported scenario in Satellite 5. A future update may address this issue.",
        "acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.",
        "upstream_fix": "postgresql 9.6.10, postgresql 9.5.14, postgresql 9.3.24, postgresql 10.5, postgresql 9.4.19",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-10915\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10915\nhttps://www.postgresql.org/about/news/1878/"
        ],
        "name": "CVE-2018-10915",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-121->CWE-787",
        "details": [
            "Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.",
            "A flaw was found in the LibRaw package. A stack buffer overflow in the LibRaw_buffer_datastream::gets() function in src/libraw_datastream.cpp caused by a maliciously crafted file may result in compromised confidentiality and integrity and an application crash."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-32142\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32142\nhttps://github.com/LibRaw/LibRaw/issues/400"
        ],
        "name": "CVE-2021-32142",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-02-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.6",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "status": "verified"
        },
        "cwe": "CWE-787",
        "details": [
            "It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1.",
            "A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write."
        ],
        "upstream_fix": "Thunderbird 91.6.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-0566\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-0566\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566"
        ],
        "name": "CVE-2022-0566",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-12-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.0",
            "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "2.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-200",
        "details": [
            "authfile.c in sshd in OpenSSH before 7.4 does not properly consider the effects of realloc on buffer contents, which might allow local users to obtain sensitive private-key information by leveraging access to a privilege-separated child process.",
            "It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information."
        ],
        "statement": "It seems that this flaw is not practically exploitable, the leak of host private key material to the privilege-separated child processes is theoretical. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Because of the this restriction for successful exploitation, this issue has been rated as having Low security impact. A future update may address this flaw.",
        "upstream_fix": "openssh 7.4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-10011\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10011\nhttps://www.openssh.com/txt/release-7.4"
        ],
        "name": "CVE-2016-10011",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7819\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7819\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819"
        ],
        "name": "CVE-2017-7819",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service.",
            "A buffer over-read flaw was found in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-10769\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10769"
        ],
        "name": "CVE-2020-10769",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2015-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "status": "verified"
        },
        "details": [
            "The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.",
            "A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
        "acknowledgement": "Red Hat would like to thank Eric Windisch (Docker project) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-0274\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0274"
        ],
        "name": "CVE-2015-0274",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-12-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "Under certain conditions, when checking the Resist Fingerprinting preference during device orientation checks, a race condition could have caused a use-after-free and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "upstream_fix": "thunderbird 68.3, firefox 68.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-17010\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-17010\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010"
        ],
        "name": "CVE-2019-17010",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-03-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9796\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9796\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-08/#CVE-2019-9796"
        ],
        "name": "CVE-2019-9796",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-119->CWE-125",
        "details": [
            "In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11058\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11058"
        ],
        "name": "CVE-2020-11058",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-07-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..",
            "A flaw was found in the webkitgtk package. Affected versions of this package are vulnerable to a buffer overflow caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash."
        ],
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-30666\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30666\nhttps://webkitgtk.org/security/WSA-2021-0004.html"
        ],
        "name": "CVE-2021-30666",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803."
        ],
        "upstream_fix": "nettle 3.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8805\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8805"
        ],
        "name": "CVE-2015-8805",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-11-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-772->CWE-200",
        "details": [
            "In the Linux kernel before 5.3.11, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka CID-f7a1337f0d29.",
            "An information-leak flaw was found in the Linux kernel's pcan USB driver. When a device using this driver connects to the system, the stack information is leaked to the CAN bus, a controller area network for automobiles. The highest threat with this vulnerability is breach of data confidentiality."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19534\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19534"
        ],
        "name": "CVE-2019-19534",
        "mitigation": {
            "value": "As the devices module will be auto-loaded when the USB CAN bus adapter is connected, its can be disabled by preventing the module from loading with the following instructions:\n# echo \"install peak_usb /bin/true\" >> /etc/modprobe.d/disable-peak-usb-canbus.conf \nThe system will need to be restarted if the peak_usb module is already loaded. In most circumstances, the kernel modules will be unable to be unloaded while any CAN bus interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-01-18T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-502",
        "details": [
            "JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",
            "A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests."
        ],
        "statement": "Note this flaw ONLY affects applications which are specifically configured to use JMSSink, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSSink to the attacker's JNDI LDAP endpoint.\nRed Hat Satellite bundles log4j-over-slf4j with Candlepin, however, product is not affected as it uses logback framework for logging.\nRed Hat Virtualization and OpenShift Container Platform in the OCP Metering stack (the Hive/Presto/Hadoop components) ship a vulnerable version of the log4j package, however JMSSink is not used. Therefore the impact of this vulnerability for these products is rated Low.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-23302\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23302\nhttps://www.openwall.com/lists/oss-security/2022/01/18/3"
        ],
        "name": "CVE-2022-23302",
        "mitigation": {
            "value": "These are the possible mitigations for this flaw for releases version 1.x:\n- Comment out or remove JMSSink in the Log4j configuration if it is used\n- Remove the JMSSink class from the server's jar files. For example:\n```\nzip -q -d log4j-*.jar org/apache/log4j/net/JMSSink.class\n```\n- Restrict access for the OS user on the platform running the application to prevent modifying the Log4j configuration by the attacker.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2023-07-04T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-1127",
        "details": [
            "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Puf as the original reporter.",
        "upstream_fix": "thunderbird 102.13, firefox 102.13",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-37208\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37208\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
        ],
        "name": "CVE-2023-37208",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-11-02T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-252",
        "details": [
            "The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "statement": "This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-8035\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8035"
        ],
        "name": "CVE-2015-8035",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1."
        ],
        "statement": "In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Richard Zhu and Amat Cama via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9810\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9810\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9810"
        ],
        "name": "CVE-2019-9810",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-05-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0."
        ],
        "upstream_fix": "freerdp 2.1.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11088\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11088"
        ],
        "name": "CVE-2020-11088",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-12-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.",
            "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash."
        ],
        "acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Kostya Serebryany as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-7497\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-7497"
        ],
        "name": "CVE-2015-7497",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-08-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).",
            "It was found that OpenSSL assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling an OpenSSL function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a Denial of Service attack, or possibly, memory disclosure. The highest threat from this vulnerability is to data confidentiality and system availability."
        ],
        "statement": "The following Red Hat products do not ship the affected OpenSSL component but rely on the Red Hat Enterprise Linux to consume them:\n* Red Hat Satellite\n* Red Hat Update Infrastructure\n* Red Hat CloudForms\nThe Red Hat Advanced Cluster Management for Kubernetes is using the vulnerable version of the library, however the vulnerable code path is not reachable.",
        "acknowledgement": "Upstream acknowledges the OpenSSL project (Ingo Schwarze) as the original reporter.",
        "upstream_fix": "openssl 1.1.1l",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-3712\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3712\nhttps://www.openssl.org/news/secadv/20210824.txt"
        ],
        "name": "CVE-2021-3712",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-04-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cwe": "CWE-300",
        "details": [
            "Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream.",
            "It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client."
        ],
        "acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter.",
        "upstream_fix": "samba 4.2.10, samba 4.4.1, samba 4.3.7",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2115\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2115\nhttps://access.redhat.com/articles/2243351"
        ],
        "name": "CVE-2016-2115",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-11-16T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Ehsan Akhgari, Gary Kwong, Jon Coppeard, Olli Pettay, Philipp, Tooru Fujisawa, and Randell Jesup as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5290\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5290\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-90.html"
        ],
        "name": "CVE-2016-5290",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-09-28T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "(CWE-287|CWE-322)",
        "details": [
            "Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver can construct messages that legitimately appear to have come from another person, without any indication such as a grey shield. Additionally, a sophisticated attacker cooperating with a malicious homeserver could employ this vulnerability to perform a targeted attack in order to send fake to-device messages appearing to originate from another user. This can allow, for example, to inject the key backup secret during a self-verification, to make a targeted device start using a malicious key backup spoofed by the homeserver. These attacks are possible due to a protocol confusion vulnerability that accepts to-device messages encrypted with Megolm instead of Olm. Starting with version 19.7.0, matrix-js-sdk has been modified to only accept Olm-encrypted to-device messages. Out of caution, several other checks have been audited or added. This attack requires coordination between a malicious home server and an attacker, so those who trust their home servers do not need a workaround.",
            "A flaw was found in Mozilla. According to the Mozilla Foundation Security Advisory, Thunderbird users who use the Matrix chat protocol are vulnerable to an impersonation attack. An attacker could spoof historical messages from other users, and use a malicious key backup to the user's account under specific conditions in order to exfiltrate message keys."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Benjamin Dowling (Security of Advanced Systems Group University of Sheffield), Martin R. Albrecht and Dan Jones (Information Security Group at Royal Holloway University London), and Sofía Celi (Brave Software) as the original reporters.",
        "upstream_fix": "thunderbird 102.3.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-39251\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-39251\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-43/#CVE-2022-39251"
        ],
        "name": "CVE-2022-39251",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-23T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "The xmlParserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-1838\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1838"
        ],
        "name": "CVE-2016-1838",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-03-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-522",
        "details": [
            "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext."
        ],
        "statement": "Red Hat Satellite 6.2 is on Maintenance Support 2 phase, hence only selected critical and important issues will be fixed. Please refer to Red Hat Satellite Product Life Cycle page for more information.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-urllib3 package.",
        "upstream_fix": "python-urllib3 1.23",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-20060\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-20060"
        ],
        "name": "CVE-2018-20060",
        "mitigation": {
            "value": "Use `retries=urllib3.Retry(redirect=0)` when performing requests if you do not need redirection and handle the redirects manually if you need them.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-07-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "1.9",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the \"openssl ts\" command.",
            "An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker."
        ],
        "upstream_fix": "openssl 1.0.1u, openssl 1.0.2i",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2180\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2180\nhttps://www.openssl.org/news/secadv/20160922.txt"
        ],
        "name": "CVE-2016-2180",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-12-09T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:S/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20->CWE-805->CWE-125",
        "details": [
            "X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.",
            "Multiple out-of-bounds access flaws were found in the way the X.Org server calculated memory requirements for certain requests. A malicious, authenticated client could use either of these flaws to crash the X.Org server."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-8103\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8103\nhttp://www.x.org/wiki/Development/Security/Advisory-2014-12-09/"
        ],
        "name": "CVE-2014-8103",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-03-05T00:00:00Z",
        "cvss": {
            "cvss_base_score": "3.3",
            "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-358",
        "details": [
            "The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 as the code with the flaw is not present in the products listed.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
        "acknowledgement": "Red Hat would like to thank Linn Crosetto (HP) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3699\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3699"
        ],
        "name": "CVE-2016-3699",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-06-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges firehack as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2819\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2819\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-50.html"
        ],
        "name": "CVE-2016-2819",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.",
            "A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature are both used together. A remote user or process could use this flaw to potentially escalate their privilege on a system."
        ],
        "statement": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 starting with the version kernel-3.10.0-514.el7, that is with Red Hat Enterprise Linux 7.3 GA. Prior Red Hat Enterprise Linux 7 kernel versions are not affected.\nIn order to exploit this issue, the system needs to be manually configured by privileged user. The default Red Hat Enterprise Linux 7 configuration is not vulnerable.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-7477\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7477"
        ],
        "name": "CVE-2017-7477",
        "mitigation": {
            "value": "Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.\nAs the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:\n# echo \"install macsec /bin/true\" >> /etc/modprobe.d/disable-macsec.conf\nIf macsec functionality is in use as a functional part of the system a kernel upgrade is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2020-04-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.2",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read."
        ],
        "upstream_fix": "freerdp 2.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11522\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11522"
        ],
        "name": "CVE-2020-11522",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-01T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nIn some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexander Guryanov as the original reporter.",
        "upstream_fix": "thunderbird 102.14, thunderbird 115.1, firefox 115.1, firefox 102.14",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4046\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4046\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046"
        ],
        "name": "CVE-2023-4046",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-06-20T12:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "It was discovered that libvirtd before versions 4.10.1 and 5.4.1 would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs.",
            "It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs."
        ],
        "statement": "* This vulnerability requires access to the libvirt socket, normally in /var/run/libvirt/libvirt_sock_ro.  Typically in hypervisor environments, local user accounts are not supported so no untrusted users should be able to access this socket.\n* Red Hat Gluster Storage 3 is not affected by this vulnerability as libvirtd daemon is not shipped in Gluster.\n* On Red Hat Enterprise Linux 6, the impact of this vulnerability is limited to denial of service or disclosing the existence of arbitrary files.  Privilege escalation is not possible.  For RHEL6, this CVE is rated as Moderate severity with 7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H",
        "acknowledgement": "Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.",
        "upstream_fix": "libvirt 4.10.1, libvirt 5.4.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-10161\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10161\nhttps://access.redhat.com/libvirt-privesc-vulnerabilities"
        ],
        "csaw": true,
        "name": "CVE-2019-10161",
        "mitigation": {
            "value": "The Unix permissions of libvirt's read-only socket can be made more restrictive than the default (0777) by editing `/etc/libvirt/libvirtd.conf`.  The settings `unix_sock_group = libvirt` and `unix_sock_ro_perms = 0770` will restrict access to only members of `libvirt`, who already have management access to virtual machines.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-09-12T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:N/I:N/A:C",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the \"CR8-load exiting\" and \"CR8-store exiting\" L0 vmcs02 controls exist in cases where L1 omits the \"use TPR shadow\" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.",
            "Linux kernel built with the KVM virtualization support (CONFIG_KVM), with nested virtualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts, as an L2 guest could access (r/w) the hardware CR8 register of the host (L0). In a nested virtualization setup, an L2 guest user could use this flaw to potentially crash the host (L0), resulting in DoS."
        ],
        "statement": "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.",
        "acknowledgement": "Red Hat would like to thank Jim Mattson (Google.com) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-12154\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12154"
        ],
        "name": "CVE-2017-12154",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-17T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-190",
        "details": [
            "Git is a distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is an integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.",
            "A flaw was found in Git, a distributed revision control system. This issue occurs due to an integer overflow in `pretty.c::format_and_pad_commit()`, where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through the git archive via the export-subst mechanism, which expands format specifiers inside files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may allow arbitrary code execution."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-41903\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41903\nhttps://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf\nhttps://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq\nhttps://www.openwall.com/lists/oss-security/2023/01/17/4"
        ],
        "name": "CVE-2022-41903",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2015-01-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.",
            "It was found that OpenSSL's BigNumber Squaring implementation could produce incorrect results under certain special conditions. This flaw could possibly affect certain OpenSSL library functionality, such as RSA blinding. Note that this issue occurred rarely and with a low probability, and there is currently no known way of exploiting it."
        ],
        "statement": "This issue affects the version of openssl098e as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Low security impact and does not plan to address this flaw for the above components in any future security updates.\nThis issue affects the version of openssl and openssl097a as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
        "upstream_fix": "OpenSSL 1.0.0p, OpenSSL 0.9.8zd, OpenSSL 1.0.1k",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3570\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3570\nhttps://www.openssl.org/news/secadv_20150108.txt"
        ],
        "name": "CVE-2014-3570",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-04-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-924",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-21930\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21930"
        ],
        "name": "CVE-2023-21930",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "upstream_fix": "chromium-browser 73.0.3683.75",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-5798\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-5798\nhttps://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html"
        ],
        "name": "CVE-2019-5798",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2014-08-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.1",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cwe": "CWE-362",
        "details": [
            "Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.",
            "A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute arbitrary code."
        ],
        "upstream_fix": "openssl 1.0.1i, openssl 1.0.0n",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2014-3509\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3509\nhttps://www.openssl.org/news/secadv_20140806.txt"
        ],
        "name": "CVE-2014-3509",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-05-01T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-835",
        "details": [
            "The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5240\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5240"
        ],
        "name": "CVE-2016-5240",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2023-02-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-173",
        "details": [
            "When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Goras Francesco as the original reporter.",
        "upstream_fix": "thunderbird 102.8, firefox 102.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-25742\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25742\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25742"
        ],
        "name": "CVE-2023-25742",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2014-02-21T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-121",
        "details": [
            "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.",
            "A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application."
        ],
        "statement": "This issue does not affect the version of glibc package as shipped with Red Hat Enterprise Linux 5 and 6.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-1473\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1473"
        ],
        "name": "CVE-2015-1473",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "5.0",
            "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2659\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2659\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2659",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-14T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1.",
            "A flaw was found in git. Credentials can be leaked through the use of a crafted URL that contains a newline, fooling the credential helper to give information for a different host. Highest threat from the vulnerability is to data confidentiality."
        ],
        "statement": "Red Hat Enterprise Linux 6 is not affected by this flaw as the vulnerable version of git, version 1.7.9-rc0 and later, was never packaged for this instance of RHEL.",
        "acknowledgement": "Red Hat would like to thank the Git project for reporting this issue. Upstream acknowledges Felix Wilhelm (Google project zero) as the original reporter.",
        "upstream_fix": "git 2.19.4, git 2.26.1, git 2.20.3, git 2.18.3, git 2.21.2, git 2.17.4, git 2.22.3, git 2.24.2, git 2.23.2, git 2.25.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-5260\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-5260\nhttps://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q\nhttps://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/"
        ],
        "name": "CVE-2020-5260",
        "mitigation": {
            "value": "The most complete workaround is to disable credential helpers altogether:\n~~~\ngit config --unset credential.helper\ngit config --global --unset credential.helper\ngit config --system --unset credential.helper\n~~~\nAn alternative is to avoid malicious URLs:\n1. Examine the hostname and username portion of URLs fed to git clone for the presence of encoded newlines (%0a) or evidence of credential-protocol injections (e.g., host=github.com)\n2. Avoid using submodules with untrusted repositories (don't use clone --recurse-submodules; use git submodule update only after examining the URLs found in .gitmodules)\n3. Avoid tools which may run git clone on untrusted URLs under the hood",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-04-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.",
            "A flaw was found in the Linux kernel's implementation of the FUSE filesystem, where it allows a page reference counter overflow. If a page reference counter overflows into a negative value, it can be placed back into the \"free\" list for reuse by other applications. This flaw allows a local attacker who can manipulate memory page reference counters to cause memory corruption and possible privilege escalation by triggering a use-after-free condition.\nThe current attack requires the system to have approximately 140 GB of RAM for this attack to be performed. It may be possible that the attack can occur with fewer memory requirements."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-11487\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11487"
        ],
        "name": "CVE-2019-11487",
        "mitigation": {
            "value": "Preventing loading of the 'fuse' kernel module will prevent attackers from using this exploit against the system; howeve the functionality of being able to access the filesystems that would  be allowed by fuse would no longer be allowed . See “How do I blacklist a kernel module to prevent it from loading automatically?\" ( https://access.redhat.com/solutions/41278) for instructions on how to disable the 'fuse' kernel module from autoloading. This mitigation may not be suitable if access to the functionality provided by fuse is required.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-05-06T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cwe": "CWE-20",
        "details": [
            "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.",
            "An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as reverse-proxy, for TLS/HTTPS interception, an attacker controlling a server accessed by Squid, could crash the squid worker, causing a Denial of Service attack."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-4556\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4556\nhttp://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
        ],
        "name": "CVE-2016-4556",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-03-13T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9."
        ],
        "statement": "This issue affects:\n* All current versions of Red Hat OpenStack Platform. However, version 8 is due to retire on the 20th of April 2019, there are no more planned releases prior to this date.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9740\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9740"
        ],
        "name": "CVE-2019-9740",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-04-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10."
        ],
        "statement": "This vulnerability was originally assigned CVE-2018-4700, but after the publication of security errata the identifier was changed to CVE-2018-4300.  Both identifiers refer to the same vulnerability.  Since some sources use CVE-2018-4700 and others use CVE-2018-4300, Red Hat security advisories for this vulnerability have been amended to include both identifiers.",
        "upstream_fix": "cups 2.2.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-4300\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4300"
        ],
        "name": "CVE-2018-4300",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2021-05-26T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.",
            "A flaw was found in the Dynamic Host Configuration Protocol (DHCP). There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. This flaw allows an attacker to deliberately cause a situation where dhcpd while running in DHCPv4 or DHCPv6 mode, or the dhclient attempts to read a stored lease that contains option information, to trigger a stack-based buffer overflow in the option parsing code for colon-separated hex digits values. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability."
        ],
        "statement": "To abuse this flaw an attacker has to be on the same local sub-net of the victim machine. An attacker may send crafted DHCP messages with long lease statements that, when stored locally on file and then re-read by dhclient or dhcpd, might trigger the bug.",
        "upstream_fix": "dhcp 4.4.2-P1, dhcp 4.1-ESV-R16-P1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-25217\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-25217\nhttps://kb.isc.org/docs/cve-2021-25217"
        ],
        "name": "CVE-2021-25217",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2020-04-24T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.1",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-284",
        "details": [
            "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).",
            "A flaw was found in Squid, where a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This issue occurs because the attacker can overflow the nonce reference counter, which results in remote code execution if the pooled token credentials are freed."
        ],
        "upstream_fix": "squid 4.11, squid 5.0.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11945\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11945\nhttp://www.squid-cache.org/Advisories/SQUID-2020_4.txt"
        ],
        "name": "CVE-2020-11945",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2019-10-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.3",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-22",
        "details": [
            "A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Development Tools 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local user pcp to overwrite arbitrary files with arbitrary content. This issue affects: SUSE Linux Enterprise High Performance Computing 15-ESPOS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise High Performance Computing 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Module for Development Tools 15-SP1 pcp versions prior to 4.3.1-3.5.3. SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server 15-LTSS pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Server for SAP 15 pcp versions prior to 3.11.9-5.8.1. SUSE Linux Enterprise Software Development Kit 12-SP4 pcp versions prior to 3.11.9-6.14.1. SUSE Linux Enterprise Software Development Kit 12-SP5 pcp versions prior to 3.11.9-6.14.1. openSUSE Leap 15.1 pcp versions prior to 4.3.1-lp151.2.3.1."
        ],
        "upstream_fix": "pcp 5.0.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-3696\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3696"
        ],
        "name": "CVE-2019-3696",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-12-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-347",
        "details": [
            "When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.",
            "The Mozilla Foundation Security Advisory: When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Marcus Brinkmann as the original reporter.",
        "upstream_fix": "thunderbird 115.6, firefox 115.6",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-50762\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-50762\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762"
        ],
        "name": "CVE-2023-50762",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-01-09T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges. Versions through v240 are vulnerable.",
            "An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges."
        ],
        "statement": "This issue affects the versions of systemd as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Important because it allows an attacker to crash systemd-journald or escalate his privileges. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\nRed Hat Enterprise Linux 7 ships systemd-journal-remote through the optional systemd-journal-gateway package, which is not installed, nor enabled by default.",
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-16865\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16865\nhttps://www.qualys.com/2019/01/09/system-down/system-down.txt"
        ],
        "name": "CVE-2018-16865",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-05-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "status": "verified"
        },
        "cwe": "CWE-113",
        "details": [
            "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.",
            "A flaw was found in python-httplib2. An attacker controlling an unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping."
        ],
        "statement": "While Red Hat Quay 3.0 and 3.1 used the httplib2 library, it was removed in versions 3.2 and later. Upgrade to 3.2 or later to fix this vulnerability in Red Hat Quay.\nRed Hat Gluster Storage 3 delivers the affected version of the python-httplib2 library. However, the library is not used by Gluster, hence the impact of this vulnerability is low.\nThis issue affects the version of the python-httplib2 library as shipped with Red Hat Ceph Storage (RHCS) version 2. Ceph-2 has reached End of Extended Life Cycle Support, and moderates/lows are no longer being fixed.\nThere's currently no known vector to exploit this when using Python versions with CVE-2019-9740 and CVE-2019-9947 fixed.\nIn Red Hat OpenStack Platform 13, because the flaw has a lower impact and the package's indirect usage in RHOSP cannot be exploited, no update will be provided at this time for the RHOSP python-httplib2 package.",
        "upstream_fix": "httplib2 0.18.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-11078\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11078\nhttps://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq"
        ],
        "name": "CVE-2020-11078",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-02-22T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "6.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "status": "verified"
        },
        "cwe": "CWE-287",
        "details": [
            "The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.",
            "A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service."
        ],
        "upstream_fix": "tomcat 8.0.32, tomcat 6.0.45, tomcat 7.0.68",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0763\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0763\nhttp://seclists.org/bugtraq/2016/Feb/147"
        ],
        "name": "CVE-2016-0763",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-14T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.2",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-203->CWE-385->CWE-226",
        "details": [
            "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf",
            "A flaw was found in the implementation of the \"fill buffer\", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer."
        ],
        "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the 'Vulnerability Response' URL.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12130\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12130"
        ],
        "csaw": true,
        "name": "CVE-2018-12130"
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2018-05-17T17:00:00Z",
        "cvss3": {
            "cvss3_base_score": "2.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-122",
        "details": [
            "A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).",
            "By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks)."
        ],
        "acknowledgement": "Red Hat would like to thank Qualys Research Labs for reporting this issue.",
        "upstream_fix": "kernel 4.17",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-1120\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1120\nhttp://seclists.org/oss-sec/2018/q2/122"
        ],
        "name": "CVE-2018-1120",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-4733\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4733\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-4733",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2022-10-18T20:00:00Z",
        "cvss3": {
            "cvss3_base_score": "3.7",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-330",
        "details": [
            "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-21624\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21624"
        ],
        "name": "CVE-2022-21624",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-09-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-79",
        "details": [
            "Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nFirefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Fröjdendahl as the original reporter.",
        "upstream_fix": "thunderbird 78.3, firefox 78.3",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-15676\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15676\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676"
        ],
        "name": "CVE-2020-15676",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-10-09T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.",
            "A memory leak flaw with use-after-free capability was found in the Linux kernel. The VMA mm/rmap.c functionality in the is_mergeable_anon_vma() function continuously forks, using memory operations to trigger an incorrect reuse of leaf anon_vma. This issue allows a local attacker to crash the system."
        ],
        "upstream_fix": "Linux kernel 6.0-rc4",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-42703\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42703\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2555283eb40df89945557273121e9393ef9b542b"
        ],
        "name": "CVE-2022-42703",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2019-10-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-119",
        "details": [
            "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.",
            "A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues."
        ],
        "statement": "This flaw is rated as 'Moderate' as the WebKitGTK package is shipped as a dependency for the Gnome package. Red Hat Enterprise Linux does not ship any WebKitGTK-based web browser where this flaw would present a higher severity major threat.",
        "upstream_fix": "webkitgtk 2.26.0",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-8720\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-8720\nhttps://webkitgtk.org/security/WSA-2019-0005.html"
        ],
        "name": "CVE-2019-8720",
        "mitigation": {
            "value": "Red Hat has investigated whether possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-01-23T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-299",
        "details": [
            "Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nCertificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Menzel as the original reporter.",
        "upstream_fix": "thunderbird 102.7.1",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-0430\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0430\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430"
        ],
        "name": "CVE-2023-0430",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-08-29T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.5",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nWhen creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges sonakkbi as the original reporter.",
        "upstream_fix": "thunderbird 102.15, thunderbird 115.2, firefox 102.15, firefox 115.2",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2023-4575\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4575\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575"
        ],
        "name": "CVE-2023-4575",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2022-04-05T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-120",
        "details": [
            "Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.",
            "The Mozilla Foundation Security Advisory describes this flaw as:\nMozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 98 and Firefox ESR 91.7. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort, some of these could have been exploited to run arbitrary code."
        ],
        "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
        "upstream_fix": "thunderbird 91.8, firefox 91.8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-28289\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28289\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28289\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28289"
        ],
        "name": "CVE-2022-28289",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2015-07-14T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX.",
            "An information leak flaw was found in the JMX component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2015-2621\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2621\nhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA"
        ],
        "name": "CVE-2015-2621",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.6",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "status": "verified"
        },
        "details": [
            "An out-of-bounds write in \"ClearKeyDecryptor\" while decrypting some Clearkey-encrypted media content. The \"ClearKeyDecryptor\" code runs within the Gecko Media Plugin (GMP) sandbox. If a second mechanism is found to escape the sandbox, this vulnerability allows for the writing of arbitrary data within memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anonymous working with Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5448\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5448\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5448"
        ],
        "name": "CVE-2017-5448",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-04-12T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.9",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-617",
        "details": [
            "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.",
            "A denial of service flaw was found in the way BIND handled query requests when using DNS64 with \"break-dnssec yes\" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request."
        ],
        "acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter.",
        "upstream_fix": "bind 9.11.0-P5, bind 9.9.9-P8, bind 9.10.4-P8",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-3136\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3136\nhttps://kb.isc.org/article/AA-01465"
        ],
        "name": "CVE-2017-3136",
        "mitigation": {
            "value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2023-09-20T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-91",
        "details": [
            "paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code=\"' followed by arbitrary Python code, a similar issue to CVE-2019-17626.",
            "A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution."
        ],
        "statement": "To exploit the issue, a malicious user has to use a crafted malicious html 'unichar' tag input and then use the reportlab's feature to generate a pdf of the document and that can lead to a remote code execution, therefore, this CVE has an Important impact.\nThis vulnerability is similar to CVE-2019-17626.",
        "upstream_fix": "reportlab 3.5.31",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-19450\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-19450"
        ],
        "name": "CVE-2019-19450",
        "mitigation": {
            "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2017-06-14T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "9.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, André Bargull, Carsten Book, Christian Holler, Gary Kwong, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Masayuki Nakano, Mats Palmgren, Nils, Philipp, Ronald Crane, and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-5470\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5470\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470"
        ],
        "name": "CVE-2017-5470",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2016-07-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "4.3",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "status": "verified"
        },
        "cwe": "CWE-770",
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-3500\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3500\nhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixJAVA"
        ],
        "name": "CVE-2016-3500",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2016-07-20T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "details": [
            "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function."
        ],
        "statement": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2.  For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
        "upstream_fix": "libxml2 2.9.5, Chrome 52.0.2743.82",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-5131\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-5131\nhttps://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
        ],
        "name": "CVE-2016-5131",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2017-05-16T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-125",
        "details": [
            "The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls.",
            "The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely."
        ],
        "statement": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates of this product due to its life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 may address this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-9074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-9074"
        ],
        "name": "CVE-2017-9074",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2019-03-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "8.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-843",
        "details": [
            "Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1."
        ],
        "statement": "In general, this flaw can be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Niklas Baumstark via Trend Micro's Zero Day Initiative as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9813\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9813\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813"
        ],
        "name": "CVE-2019-9813",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2020-06-30T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "4.4",
            "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-327",
        "details": [
            "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80.",
            "A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality."
        ],
        "statement": "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.",
        "acknowledgement": "Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Cesar Pereida Garcia and the Network and Information Security Group (NISEC) as the original reporter.",
        "upstream_fix": "nss 3.55",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2020-12401\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12401\nhttps://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes"
        ],
        "name": "CVE-2020-12401",
        "mitigation": {
            "value": "This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.",
            "lang": "en:us"
        },
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-11-12T18:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.5",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "status": "verified"
        },
        "cwe": "CWE-226",
        "details": [
            "Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.",
            "A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor.\nSystem software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory.  Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's  virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB).  TLB has two parts, one for instructions and other for data addresses.\nSystem software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change."
        ],
        "acknowledgement": "Red Hat would like to thank Intel for reporting this issue. Upstream acknowledges Deepak Gupta as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2018-12207\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-12207\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
        ],
        "csaw": true,
        "name": "CVE-2018-12207",
        "mitigation": {
            "value": "For mitigation related information, please refer to the Red Hat vulnerability article: https://access.redhat.com/security/vulnerabilities/ifu-page-mce .",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Important",
        "public_date": "2019-05-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "5.3",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "status": "verified"
        },
        "cwe": "CWE-829",
        "details": [
            "Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7."
        ],
        "statement": "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Luật Nguyễn as the original reporter.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2019-9817\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-9817\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817"
        ],
        "name": "CVE-2019-9817",
        "csaw": false
    },
    {
        "threat_severity": "Critical",
        "public_date": "2016-03-08T00:00:00Z",
        "cvss": {
            "cvss_base_score": "6.8",
            "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "status": "verified"
        },
        "details": [
            "The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-2792\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2792\nhttps://www.mozilla.org/security/announce/2016/mfsa2016-37.html"
        ],
        "name": "CVE-2016-2792",
        "csaw": false
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2022-05-03T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-565",
        "details": [
            "Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.",
            "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of requests initiated through the reader mode did not properly omit cookies with a SameSite attribute."
        ],
        "upstream_fix": "thunderbird 91.9, firefox 91.9",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2022-29912\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29912"
        ],
        "name": "CVE-2022-29912",
        "csaw": false
    },
    {
        "threat_severity": "Low",
        "public_date": "2016-04-19T00:00:00Z",
        "cvss": {
            "cvss_base_score": "2.6",
            "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "status": "verified"
        },
        "details": [
            "Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.",
            "It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected."
        ],
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2016-0695\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0695\nhttp://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html#AppendixJAVA"
        ],
        "name": "CVE-2016-0695",
        "csaw": false
    },
    {
        "threat_severity": "Important",
        "public_date": "2017-02-22T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "7.8",
            "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "status": "verified"
        },
        "cwe": "CWE-416",
        "details": [
            "The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.",
            "A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system."
        ],
        "statement": "This issue affects Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2 kernels.\nAs this issue is rated as Important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 5, 6, 7, and Red Hat Enterprise MRG 2  kernels.",
        "acknowledgement": "Red Hat would like to thank Andrey Konovalov (Google) for reporting this issue.",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2017-6074\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-6074\nhttps://access.redhat.com/node/2934281"
        ],
        "csaw": true,
        "name": "CVE-2017-6074",
        "mitigation": {
            "value": "Recent versions of the SELinux policy can mitigate this flaw. The steps below will work with SELinux enabled or disabled.\nAs the DCCP module will be auto-loaded when required, its use can be disabled \nby preventing the module from loading with the following instructions:\n# echo \"install dccp /bin/true\" >> /etc/modprobe.d/disable-dccp.conf \nThe system will need to be restarted if the DCCP modules are loaded. In most circumstances, the DCCP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use.\nIf you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.",
            "lang": "en:us"
        }
    },
    {
        "threat_severity": "Moderate",
        "public_date": "2021-04-19T00:00:00Z",
        "cvss3": {
            "cvss3_base_score": "6.1",
            "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "status": "verified"
        },
        "cwe": "CWE-476",
        "details": [
            "The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. *Note: This issue only affected x86-32 platforms. Other platforms are unaffected.*. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88."
        ],
        "acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.",
        "upstream_fix": "thunderbird 78.10, firefox 78.10",
        "references": [
            "https://www.cve.org/CVERecord?id=CVE-2021-29945\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29945\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-29945"
        ],
        "name": "CVE-2021-29945",
        "csaw": false
    }
]