Enterprise Linux Security Vulnerabilities - November 2019

CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2019-11-04 07:15 PM

CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid UTF-8 strings via xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in a memory leak into the resulting output.

7.5 CVSS

7.4 AI Score

0.008 EPSS

2019-11-13 09:15 PM

CVE-2010-4661

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

7.8 CVSS

7.3 AI Score

0.0004 EPSS

2019-11-13 09:15 PM

CVE-2010-4664

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

8.8 CVSS

8.6 AI Score

0.003 EPSS

2019-11-13 10:15 PM

CVE-2011-1145

The SQLDriverConnect() function in unixODBC before 2.2.14p2 has a possible buffer overflow condition when specifying a large value for the SAVEFILE parameter in the connection string.

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2019-11-14 02:15 AM

CVE-2011-2207

dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially crafted certificate.

5.3 CVSS

5.3 AI Score

0.013 EPSS

2019-11-27 07:15 PM

CVE-2011-2717

The DHCPv6 client (dhcp6c) as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.

9.8 CVSS

9.7 AI Score

0.003 EPSS

2019-11-27 09:15 PM

CVE-2011-2726

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access...

7.5 CVSS

7.5 AI Score

0.004 EPSS

2019-11-15 05:15 PM

CVE-2011-2897

gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw.

9.8 CVSS

9.6 AI Score

0.012 EPSS

2019-11-12 02:15 PM

CVE-2011-3630

Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially crafted directory tree, and trick the local user into consolidating it, leading to hardlink execu...

8.8 CVSS

8.9 AI Score

0.008 EPSS

2019-11-26 04:15 AM

CVE-2011-3631

Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user...

8.8 CVSS

8.7 AI Score

0.009 EPSS

2019-11-26 04:15 AM

CVE-2011-3632

Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to use this flaw to conduct symlink attacks.

7.1 CVSS

7.3 AI Score

0.0004 EPSS

2019-11-26 04:15 AM

CVE-2011-4967

tog-Pegasus has a package hash collision DoS vulnerability

7.5 CVSS

7.5 AI Score

0.008 EPSS

2019-11-19 04:15 PM

CVE-2012-0877

PyXML: Hash table collisions CPU usage Denial of Service

7.5 CVSS

7.5 AI Score

0.003 EPSS

2019-11-22 05:15 PM

CVE-2012-1155

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries, even those from groups the user does not belong to.

7.5 CVSS

7.4 AI Score

0.007 EPSS

2019-11-14 04:15 PM

CVE-2012-1156

Moodle before 2.2.2 has users' private files included in course backups

7.5 CVSS

7.5 AI Score

0.003 EPSS

2019-11-14 04:15 PM

CVE-2012-1168

Moodle before 2.2.2 has a password and web services issue where, when the user profile is updated, the user password is reset if not specified.

8.2 CVSS

8.1 AI Score

0.007 EPSS

2019-11-14 04:15 PM

CVE-2012-5521

quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal

6.5 CVSS

6.4 AI Score

0.004 EPSS

2019-11-25 02:15 PM

CVE-2012-5630

libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.

6.3 CVSS

5.7 AI Score

0.0004 EPSS

2019-11-25 02:15 PM

CVE-2012-5644

libuser has an information disclosure when moving a user's home directory.

5.5 CVSS

5.6 AI Score

0.0004 EPSS

2019-11-25 03:15 PM

CVE-2012-6136

tuned 2.10.0 creates its PID file with insecure permissions, which allows local users to kill arbitrary processes.

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2019-11-20 03:15 PM

CVE-2012-6655

An issue exists in AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c, which could let local users obtain encrypted passwords.

3.3 CVSS

3.7 AI Score

0.0004 EPSS

2019-11-27 06:15 PM

CVE-2013-1816

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

7.5 CVSS

7.3 AI Score

0.012 EPSS

2019-11-20 08:15 PM

CVE-2013-1817

MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

7.5 CVSS

7.3 AI Score

0.01 EPSS

2019-11-20 08:15 PM

CVE-2013-3718

evince is missing a check on the number of pages, which can lead to a segmentation fault.

5.5 CVSS

5.4 AI Score

0.001 EPSS

2019-11-01 01:15 PM

CVE-2013-4251

The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.

7.8 CVSS

7.3 AI Score

0.0004 EPSS

2019-11-04 08:15 PM

CVE-2013-4409

An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.

9.8 CVSS

9.2 AI Score

0.016 EPSS

2019-11-04 09:15 PM

CVE-2013-4751

php-symfony2-Validator has loss of information during serialization

8.1 CVSS

7.8 AI Score

0.002 EPSS

2019-11-01 01:15 PM

CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

5.9 CVSS

5.7 AI Score

0.001 EPSS

2019-11-05 07:15 PM

CVE-2014-3585

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

9.8 CVSS

9.4 AI Score

0.002 EPSS

2019-11-22 03:15 PM

CVE-2014-5118

Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability

5.5 CVSS

5.3 AI Score

0.0005 EPSS

2019-11-18 11:15 PM

CVE-2014-8181

The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for the SG_IO buffer, which may leak sensitive information to userspace.

5.5 CVSS

5.9 AI Score

0.0004 EPSS

2019-11-06 03:15 PM

CVE-2015-7810

libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files

4.7 CVSS

4.8 AI Score

0.001 EPSS

2019-11-22 03:15 PM

CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

9.8 CVSS

9.5 AI Score

0.008 EPSS

2019-11-04 09:15 PM

CVE-2016-1000002

gdm3 3.14.2 and possibly later has an information leak before screen lock

2.4 CVSS

3.7 AI Score

0.001 EPSS

2019-11-05 02:15 PM

CVE-2016-1000037

Pagure: XSS possible in file attachment endpoint

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-11-06 07:15 PM

CVE-2016-4980

A password generation weakness exists in xquest through 2016-06-13.

2.5 CVSS

3.8 AI Score

0.0004 EPSS

2019-11-27 04:15 PM

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

3.3 CVSS

3.6 AI Score

0.0004 EPSS

2019-11-05 10:15 PM

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5 CVSS

7.2 AI Score

0.025 EPSS

2019-11-15 04:15 PM

CVE-2017-5332

The extract_group_icon_cursor_resource function in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable.

7.8 CVSS

7.6 AI Score

0.001 EPSS

2019-11-04 09:15 PM

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file.

7.8 CVSS

7.7 AI Score

0.001 EPSS

2019-11-04 09:15 PM

CVE-2019-10214

The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch ...

5.9 CVSS

5.7 AI Score

0.001 EPSS

2019-11-25 11:15 AM

CVE-2019-10216

In ghostscript before version 9.50, the .buildfont1 procedure did not properly secure its privileged calls, enabling scripts to bypass -dSAFER restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges and access files outside of r...

7.8 CVSS

7.6 AI Score

0.001 EPSS

2019-11-27 01:15 PM

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-11-14 07:15 PM

CVE-2019-14815

A vulnerability was found in the Linux kernel, where a heap overflow was found in the mwifiex_set_wmm_params() function of the Marvell WiFi driver.

7.8 CVSS

8.6 AI Score

0.001 EPSS

2019-11-25 11:15 AM

CVE-2019-14822

A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using...

7.1 CVSS

6.7 AI Score

0.0004 EPSS

2019-11-25 12:15 PM

CVE-2019-14824

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

6.5 CVSS

6.2 AI Score

0.002 EPSS

2019-11-08 03:15 PM

CVE-2019-14896

A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects...

9.8 CVSS

9.6 AI Score

0.017 EPSS

2019-11-27 09:15 AM

CVE-2019-18660

The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c.

4.7 CVSS

6.5 AI Score

0.001 EPSS

2019-11-27 11:15 PM

CVE-2019-18805

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unsp...

9.8 CVSS

9.1 AI Score

0.007 EPSS

2019-11-07 02:15 PM

Total number of security vulnerabilities: 60