• CVE-2019-8457

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2019-8457

    SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

    CVE-2019-8457
    CentOS
    CentOS 7
    3.7.17-8_ol001.el7.1
    sqlite
    9.8

  • CVE-2009-5155

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2009-5155

    In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

    CVE-2009-5155
    CentOS
    CentOS 7
    2.17-326_ol001.el7_9.3
    glibc
    7.5

  • CVE-2022-37434

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-37434

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

    CVE-2022-37434
    CentOS
    CentOS 8
    1.2.11-17_ol001.el8
    zlib
    9.8

  • CVE-2022-2097

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-2097

    AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).

    CVE-2022-2097
    CentOS
    CentOS 8
    1.1.1k-5_ol002.el8
    openssl
    5.3

  • CVE-2023-38709

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-38709

    Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.

    CVE-2023-38709
    CentOS
    CentOS 7
    2.4.6-99_ol001.el7.1
    httpd
    N/A

  • CVE-2021-3521

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2021-3521

    There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.

    CVE-2021-3521
    CentOS
    CentOS 8
    4.14.3-19_ol001.el8
    rpm
    4.7

  • CVE-2022-45061

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-45061

    An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

    CVE-2022-45061
    CentOS
    CentOS 7
    3.6.8-21_ol001.el7_9
    python3
    7.5

  • CVE-2018-20685

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2018-20685

    In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

    CVE-2018-20685
    CentOS
    CentOS 7
    7.4p1-23_ol001.el7
    openssh
    5.3

  • CVE-2024-2398

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-2398

    When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory.  Further, this error condition fails silently and is therefore not easily detected by an application.

    CVE-2024-2398
    CentOS
    CentOS 8
    7.61.1-22_ol003.el8
    curl
    8.6

  • CVE-2022-0492

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-0492

    A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.

    CVE-2022-0492
    CentOS
    CentOS 8
    4.18.0-348.7.1_ol004.el8_5
    kernel
    7.8