• CVE-2021-27364

    NVD Listing: CVE-2021-27364

    An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.

    CVE-2021-27364
    CentOS
    CentOS 6
    2.6.32-754.35.1_ol007.el6
    kernel
    7.1

  • CVE-2022-37434

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-37434 

    zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).

    CVE-2022-37434
    CentOS
    CentOS 6
    1.2.3-29_ol001.el6
    zlib
    9.8

  • CVE-2020-29661

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2020-29661 

    A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.

    CVE-2020-29661
    CentOS
    CentOS 6
    2.6.32-754.35.1_ol003.el6
    kernel
    7.8

  • CVE-2021-22543

    NVD Entry: CVE-2021-22543

    An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.

    CVE-2021-22543
    CentOS
    CentOS 6
    2.6.32-754.35.1_ol009.el6
    kernel
    7.8

  • CVE-2021-4034

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2021-4034 

    A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

    CVE-2021-4034
    CentOS
    CentOS 6
    0.96-11_ol001.el6.1
    polkit
    7.8

  • CVE-2022-25235

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-25235 

    xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

    CVE-2022-25235
    CentOS
    CentOS 6
    2.0.1-13_ol003.el6
    expat
    9.8