• CVE-2022-29154

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-29154

    An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).

    CVE-2022-29154
    CentOS
    CentOS 8
    3.1.3-12_ol001.el8
    rsync
    7.4

  • CVE-2023-4911

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2023-4911

    A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

    CVE-2023-4911
    CentOS
    CentOS 8
    2.28-164.el8
    glibc
    7.8

  • CVE-2019-6110

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2019-6110

    In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

    CVE-2019-6110
    CentOS
    CentOS 7
    7.4p1-23_ol002.el7
    openssh
    6.8

  • CVE-2022-24903

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-24903

    Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability.

    CVE-2022-24903
    CentOS
    CentOS 8
    8.2102.0-5_ol001.el8
    rsyslog
    8.1

  • CVE-2022-2526

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-2526

    A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

    CVE-2022-2526
    CentOS
    CentOS 8
    239-51_ol001.el8_5.2
    systemd
    9.8

  • CVE-2022-23218

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-23218

    The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

    CVE-2022-23218
    CentOS
    CentOS 8
    2.28-164_ol001.el8
    glibc
    9.8

  • CVE-2024-2961

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-2961

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
     

    CVE-2024-2961
    CentOS
    CentOS 8
    2.28-164_ol003.el8
    glibc
    Not Available