Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-1586 |
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Published: May 16, 2022; 5:15:07 PM -0400 |
V4.0:(not available) V3.1: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2021-3750 |
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. Published: May 02, 2022; 3:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-4207 |
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Published: April 29, 2022; 1:15:20 PM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-4206 |
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Published: April 29, 2022; 1:15:20 PM -0400 |
V4.0:(not available) V3.1: 8.2 HIGH V2.0: 4.6 MEDIUM |
CVE-2022-1353 |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. Published: April 29, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 3.6 LOW |
CVE-2022-1227 |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Published: April 29, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-1048 |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. Published: April 29, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.0 HIGH V2.0: 6.9 MEDIUM |
CVE-2021-42779 |
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. Published: April 18, 2022; 1:15:16 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2021-42778 |
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. Published: April 18, 2022; 1:15:16 PM -0400 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2022-1304 |
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Published: April 14, 2022; 5:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-1280 |
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. Published: April 13, 2022; 2:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0: 3.3 LOW |
CVE-2022-27651 |
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. Published: April 04, 2022; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2022-27650 |
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Published: April 04, 2022; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 6.0 MEDIUM |
CVE-2022-27649 |
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Published: April 04, 2022; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 6.0 MEDIUM |
CVE-2020-35501 |
A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem Published: March 30, 2022; 12:15:08 PM -0400 |
V4.0:(not available) V3.1: 3.4 LOW V2.0: 3.6 LOW |
CVE-2022-1055 |
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 Published: March 29, 2022; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2022-0435 |
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Published: March 25, 2022; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2022-0330 |
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Published: March 25, 2022; 3:15:10 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2021-3941 |
In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR. Published: March 25, 2022; 3:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2022-0996 |
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. Published: March 23, 2022; 4:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |