Red Hat Enterprise Linux Update Services for SAP Solutions 8.8

CPE Details

Red Hat Enterprise Linux Update Services for SAP Solutions 8.8
redhat
enterprise_linux_update_services_for_sap_solutions
8.8
2023-11-09
19h11 +00:00
2023-11-09
19h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

enterprise_linux_update_services_for_sap_solutions

Version

8.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-9675 2024-10-09 14h32 +00:00 A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
7.8
High
CVE-2024-1062 2024-02-12 13h04 +00:00 A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
5.5
Medium
CVE-2023-3972 2023-11-01 15h54 +00:00 A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).
7.8
High
CVE-2023-3899 2023-08-23 10h49 +00:00 A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.
7.8
High
CVE-2019-0211 2019-04-08 21h31 +00:00 In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
7.8
High