Codeready Linux Builder Security Vulnerabilities and Issues — Codeready Linux Builder CVE List

Lucene search

RedhatCodeready Linux Builder

10 matches found

CVE•added 2022/03/10 5:42 p.m.•794 views

CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is s...

6.5CVSS7.1AI score0.00366EPSS

CVE•added 2019/11/14 7:15 p.m.•567 views

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.

6.5CVSS6.4AI score0.00394EPSS

CVE•added 2019/04/11 4:29 p.m.•327 views

CVE-2019-3459

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.

6.5CVSS6.8AI score0.00419EPSS

CVE•added 2019/04/11 4:29 p.m.•294 views

CVE-2019-3460

A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.

6.5CVSS7AI score0.00419EPSS

CVE•added 2024/01/10 1:15 p.m.•240 views

CVE-2023-5455

A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During comm...

6.5CVSS6.3AI score0.0028EPSS

Web

CVE•added 2022/02/18 6:15 p.m.•231 views

CVE-2021-3930

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service co...

6.5CVSS6.6AI score0.00038EPSS

CVE•added 2022/03/16 3:15 p.m.•226 views

CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial...

6.5CVSS6.7AI score0.00043EPSS

CVE•added 2022/08/23 8:15 p.m.•158 views

CVE-2021-3975

A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down....

6.5CVSS6.2AI score0.00317EPSS

CVE•added 2021/05/27 8:15 p.m.•153 views

CVE-2020-14301

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml...

6.5CVSS6.8AI score0.00264EPSS

CVE•added 2022/07/06 4:15 p.m.•151 views

CVE-2021-3696

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corr...

6.9CVSS6.8AI score0.00113EPSS