Redhat: >> Enterprise Linux Security Vulnerabilities
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
CVSS Score
8.2
EPSS Score
0.0
Published
2022-04-29
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-04-29
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Score
7.0
EPSS Score
0.0
Published
2022-04-29
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVSS Score
8.8
EPSS Score
0.321
Published
2022-04-29
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-04-29
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-04-18
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-18
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
CVSS Score
7.8
EPSS Score
0.005
Published
2022-04-14