Versions
0:1.13.1-13.el9_0.4
0:5.14.0-70.101.1.rt21.173.el9_0
0:26.4.14-1.el9_0
7:5.2-1.el9_0.3
1:1.26.7-1.el9_0
0:4.9.8-11.el9_0.3
3:10.5.22-1.el9_0
0:5.14.0-70.85.1.rt21.156.el9_0
0:5.14.0-70.80.1.el9_0
0:15.8-3.el9
0:5.3.5-9.el9_0
0:1.11.0-22.el9_0.8
0:5.14.0-70.85.1.el9_0
0:15.8-2.el9
0:5.14.0-70.101.1.el9_0
0:1.11.0-22.el9_0.5
0:4.15.5-111.el9_0
0:3.1.2-2.el9_0
2:4.2.0-3.el9_0
0:13.13-1.el9_0
0:1.29.26.2-2.el9_0
0:5.14.0-70.80.1.rt21.151.el9_0
2:4.2.0-5.el9_0.2
0:1.11.0-22.el9_0.3
0:5.14.0-70.93.1.rt21.165.el9_0
0:1.11.0-22.el9_0.11
1:2.06-27.el9_0.16
0:5.14.0-70.93.2.el9_0
0:2.34-28.el9_0.4
0:3.2.2-1.el9_0
1:1.26.8-2.el9_0
7:5.2-1.el9_0.4
0:2.6.2-4.el9_0.3
0:4.9.8-9.el9_0
Recent CVEs
CVE-2024-9675
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-3183
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
CVE-2024-31083
A use-after-free vulnerability was found in the ProcRenderAddGlyphs() function of Xorg servers. This issue occurs when AllocateGlyph() is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, ProcRenderAddGlyphs() may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request.
CVE-2024-31081
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.
CVE-2024-31080
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads.