A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.05%
Published: 2024-05-08
Updated: 2024-06-11
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.05%
Published: 2024-04-25
Updated: 2024-06-12
A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.06%
Published: 2024-03-21
Updated: 2024-06-10
A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2024-03-12
Updated: 2024-05-01
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break Netfilter functionality.
Source: Red Hat, Inc.
Max CVSS: 6.6
EPSS Score: 0.04%
Published: 2024-01-18
Updated: 2024-01-26
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2024-01-30
Updated: 2024-02-08
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
Source: MITRE
Max CVSS: 6.5
EPSS Score: 0.08%
Published: 2024-02-22
Updated: 2024-03-10
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.04%
Published: 2023-10-10
Updated: 2024-05-22
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2023-10-05
Updated: 2024-05-22
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.08%
Published: 2023-11-06
Updated: 2023-11-24
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.08%
Published: 2023-10-05
Updated: 2024-04-30
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, which triggers a heap-based buffer overflow.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.09%
Published: 2023-10-05
Updated: 2024-04-30
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially compromise key generation, certificate loading, and other card management operations during enrollment.
Source: Red Hat, Inc.
Max CVSS: 6.4
EPSS Score: 0.04%
Published: 2023-11-06
Updated: 2023-12-23
A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small tokens permanently connected to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
Source: Red Hat, Inc.
Max CVSS: 6.6
EPSS Score: 0.06%
Published: 2023-11-06
Updated: 2023-12-23
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2024-01-29
Updated: 2024-06-10
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.07%
Published: 2024-01-29
Updated: 2024-06-10
A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Source: Red Hat, Inc.
Max CVSS: 6.1
EPSS Score: 0.05%
Published: 2023-10-09
Updated: 2024-05-22
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.
Source: Red Hat, Inc.
Max CVSS: 6.7
EPSS Score: 0.05%
Published: 2023-10-09
Updated: 2024-05-22
A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.
Source: Red Hat, Inc.
Max CVSS: 6.0
EPSS Score: 0.05%
Published: 2023-10-09
Updated: 2024-05-22
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2023-11-02
Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2023-11-02
Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2023-11-02
Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2023-11-02
Updated: 2023-11-09
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
Source: Red Hat, Inc.
Max CVSS: 6.2
EPSS Score: 0.04%
Published: 2023-11-02
Updated: 2023-11-09
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
Source: Red Hat, Inc.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2023-08-25
Updated: 2024-01-12
243 vulnerabilities found