Versions
Recent CVEs
CVE-2024-12085
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVE-2024-11614
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the string 'evil', the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs when citing raw user input, so there will always be a ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-10573
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution cannot be ruled out. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
CVE-2024-9632
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
CVE-2024-9050
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, which uses a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration.
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-9341
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.