• CVE-2018-6954

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2018-6954 

    systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

    CVE-2018-6954
    CentOS
    CentOS 7
    219-78_ol003.el7.9
    systemd
    7.8

  • CVE-2024-1737

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-1737 

    Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

    CVE-2024-1737
    CentOS
    CentOS 7
    9.11.4-26.P2_ol002.el7_9.16ofc la
    bind
    n/a

  • CVE-2018-6954

    NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-6954 

    systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

    CVE-2018-6954
    CentOS
    CentOS 7
    219-78_ol002.el7.9
    systemd
    7.8

  • CVE-2020-10735

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2020-10735 

    A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

    CVE-2020-10735
    CentOS
    CentOS 7
    2.7.5-94_ol002.el7
    python
    7.5

  • CVE-2024-38477

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2024-38477

    null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.

    CVE-2024-38477
    CentOS
    CentOS 7
    2.4.6-99_ol002.el7.1
    httpd
    7.5

  • CVE-2022-23218

    NVD Listing: https://nvd.nist.gov/vuln/detail/CVE-2022-23218 

    The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

    CVE-2022-23218
    CentOS
    CentOS 7
    2.17-326_ol004.el7_9.3
    glibc
    9.8