Versions
Recent CVEs
CVE-2024-11614
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset.
CVE-2024-52337
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters, including newlines, which are then inserted into the log. Rather than an arbitrary string such as 'evil', the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs when citing raw user input, so there will always be a ' character ending the spoofed input, which the administrator can easily overlook. The logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations.
CVE-2024-9632
A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
CVE-2024-9050
A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration supplied by the local unprivileged user. The configuration uses a key-value format, and the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root on the targeted machine by creating a malicious configuration.
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within Buildah's cache directory, allowing a `RUN` instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container, as long as those files can be accessed by the user running Buildah.
CVE-2024-45770
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
CVE-2024-45769
A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.
CVE-2024-4467
A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.