Redhat: >> Enterprise Linux Security Vulnerabilities
Session fixation vulnerability in pcsd in pcs before 0.9.157.
CVSS Score
8.1
EPSS Score
0.004
Published
2017-04-21
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.94
Published
2017-04-17
Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.
CVSS Score
7.5
EPSS Score
0.015
Published
2017-04-12
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-03-27
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
CVSS Score
3.3
EPSS Score
0.001
Published
2017-03-03
pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-02-13
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
CVSS Score
8.8
EPSS Score
0.014
Published
2017-02-13
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-12-23
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
CVSS Score
6.5
EPSS Score
0.002
Published
2016-12-23
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
CVSS Score
6.5
EPSS Score
0.001
Published
2016-12-23