Redhat: >> Enterprise Linux >> 8.0 Security Vulnerabilities
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-06-09
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.
A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-05-30
A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-04-29
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation at the bezier_spline function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVSS Score
4.7
EPSS Score
0.0
Published
2025-04-23
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.
CVSS Score
7.4
EPSS Score
0.001
Published
2025-04-03
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVSS Score
7.0
EPSS Score
0.009
Published
2025-04-03
A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-03-27