Adam Mariš

**Name of the Vulnerable Software and Affected Versions** Openwsman versions up to and including 2.6.9 **Description** The issue is related to an infinite loop in the `process connection()` function when parsing specially crafted HTTP requests, such as `/api/v1/login`. A remote, unauthenticated attacker can exploit this by sending a malicious HTTP request to cause a denial of service to the openwsman server. The vulnerability is also associated with resource management errors. **Recommendations** For Openwsman versions up to and including 2.6.9, consider disabling the `process connection()` function as a temporary workaround until a patch is available. Restrict access to the openwsman server to minimize the risk of exploitation. Avoid using the openwsman server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** No specific software or version information is provided. **Description** A code injection flaw was found in the way capacity and utilization imported control files are processed. This could allow a remote, authenticated attacker with access to the capacity and utilization feature to execute arbitrary code as the user CFME runs as. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CloudForms versions prior to 5.6.3.0 CloudForms versions prior to 5.7.3.1 CloudForms versions prior to 5.8.1.2 **Description** A flaw was found in the CloudForms API. A user with permissions to use the `MiqReportResults` capability within the API could potentially view data from other tenants or groups to which they should not have access. **Recommendations** For versions prior to 5.6.3.0, update to version 5.6.3.0 or later. For versions prior to 5.7.3.1, update to version 5.7.3.1 or later. For versions prior to 5.8.1.2, update to version 5.8.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Red Hat CloudForms Management Engine 5 **Description** The issue allows for CRLF Injection. It was found that the X-Forwarded-For header enables internal servers to deploy other systems using callback. **Recommendations** For Red Hat CloudForms Management Engine 5, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CloudForms Management Engine (cfme) versions prior to 5.7.3 CloudForms Management Engine (cfme) versions 5.8.x prior to 5.8.1 **Description** A missing privilege check was found in the CloudForms Management Engine when invoking arbitrary methods via filtering on VMs. This allows an attacker to execute actions they should not be allowed to, such as destroying VMs, by exploiting the MiqExpression execution triggered by API users. **Recommendations** For CloudForms Management Engine (cfme) versions prior to 5.7.3, update to version 5.7.3 or later. For CloudForms Management Engine (cfme) versions 5.8.x prior to 5.8.1, update to version 5.8.1 or later.

Name of the Vulnerable Software and Affected Versions: hawtio servlet version 1.4 Description: A issue was found where the hawtio servlet uses a single HttpClient instance to proxy requests, resulting in all clients sharing the same cookies due to a persistent cookie store. This means cookies are stored locally and not passed between the client and the end URL. Recommendations: For hawtio servlet version 1.4, consider disabling the proxy functionality until a patch is available to prevent cookie sharing among clients. Restrict access to the hawtio servlet to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ansible (affected versions not specified) **Description** The issue is related to insufficient input validation in Ansible, allowing an attacker to execute arbitrary code. Specifically, when running ad-hoc commands, inventory variables are loaded from the current working directory, which can be under an attacker's control. This can lead to the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ansible (affected versions not specified) **Description** A flaw in ansible allows an attacker to execute arbitrary code by altering the ansible.cfg file in the current working directory to point to a plugin or module path under their control. This can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative versions prior to 4.1.2 Description: The issue is related to a buffer overflow in the dnsreplay tool. When the -ecs-stamp option of dnsreplay is used to replay a specially crafted PCAP file, it can trigger a stack-based buffer overflow. This leads to a crash and potentially allows for arbitrary code execution. Recommendations: For versions prior to 4.1.2, update to version 4.1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -ecs-stamp option in dnsreplay until the update is applied.

**Name of the Vulnerable Software and Affected Versions** openshift versions prior to 3.3.1.11 openshift versions prior to 3.2.1.23 openshift versions prior to 3.4 **Description** The issue arises when a volume fails to detach, resulting in a 'VolumeInUse' error during the delete operation. As the delete operation is retried every 30 seconds for each volume, this could lead to a denial of service attack. The repeated retries cause the number of API requests to exceed the cloud-provider's API rate-limit. **Recommendations** For versions prior to 3.3.1.11, update to version 3.3.1.11 or later to resolve the issue. For versions prior to 3.2.1.23, update to version 3.2.1.23 or later to resolve the issue. For versions prior to 3.4, update to version 3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wildfly versions prior to 11.0.0.Beta1 **Description** The issue is related to a resource exhaustion problem in Undertow, which can lead to a denial of service. Undertow maintains a cache of seen HTTP headers in persistent connections. This cache can be exploited to fill memory with unnecessary data, up to a certain limit defined by the product's configuration, specifically "max-headers" and "max-header-size" per active TCP connection. **Recommendations** For versions prior to 11.0.0.Beta1, update to version 11.0.0.Beta1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: corosync versions prior to 2.4.4 Description: The issue is caused by an integer overflow in the exec/totemcrypto.c function of the corosync system, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Resteasy versions 3.0.22 and 3.1.2 Description: The issue is related to incomplete fixing of a previous problem in Yaml unmarshalling within Resteasy, allowing it to still occur via `Yaml.load()` in YamlProvider. Recommendations: For versions 3.0.22 and 3.1.2, if the YamlProvider is enabled, add authentication and authorization to the endpoint expecting Yaml content to prevent exploitation of this issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue allows local users to simulate hardware errors, leading to a denial of service. This is due to the failure to disable APEI error injection through the `einj error inject` function in drivers/acpi/apei/einj.c when securelevel is set. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openstack-tripleo-heat-templates versions prior to 7.0.6 openstack-tripleo-heat-templates versions prior to 8.0.0 **Description** A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume. **Recommendations** For openstack-tripleo-heat-templates versions prior to 7.0.6, update to version 7.0.6 or later to resolve the issue. For openstack-tripleo-heat-templates versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Hat Gluster Storage version 3.3 for RHEL 6 **Description** A previously fixed issue was not properly included in an erratum for Red Hat Gluster Storage, indicating an incomplete fix. **Recommendations** For Red Hat Gluster Storage version 3.3 for RHEL 6, ensure that the correct and complete fix for the issue is applied, as the initial erratum did not include the necessary corrections.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (aka krb5) versions 1.15.2 and earlier **Description** The issue concerns the mishandling of Distinguished Name (DN) fields in untrusted X.509 data, which can lead to the execution of arbitrary code or cause a denial of service due to a buffer overflow and application crash. This is related to the `get matching data` and `X509 NAME oneline ex` functions. The security relevance of this issue is primarily outside of the MIT Kerberos distribution, such as in the use of `get matching data` in KDC certauth plugin code specific to Red Hat. **Recommendations** For versions 1.15.2 and earlier, update to a version later than 1.15.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ansible versions prior to 2.3 **Description** The issue is related to input validation in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. **Recommendations** For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Ansible server and limiting the privileges of the Ansible server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** xorg-x11-server versions prior to 1.19.5 **Description** The issue is related to missing length validation in the XFIXES extension, which allows a malicious X client to cause the X server to crash or possibly execute arbitrary code. **Recommendations** For versions prior to 1.19.5, update to version 1.19.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** xorg-x11-server versions prior to 1.19.5 **Description** The issue is related to missing length validation in the MIT-SCREEN-SAVER extension, which allows a malicious X client to cause the X server to crash or possibly execute arbitrary code. **Recommendations** For versions prior to 1.19.5, update to version 1.19.5 or later to resolve the issue.