Marian Rehak

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions prior to the fixed version **Description** A heap-buffer-overflow vulnerability was found in LibTIFF, specifically in the `extractImageSection()` function at `tools/tiffcrop.c:7916` and `tools/tiffcrop.c:7801`. This flaw allows attackers to cause a denial of service via a crafted tiff file. The vulnerability is related to buffer copying without input size checking, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For LibTIFF versions prior to the fixed version, consider disabling the `extractImageSection()` function until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open vSwitch (affected versions not specified) **Description** A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. The vulnerability is related to insufficient authentication of data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Advancecomp (affected versions not specified) **Description** A segmentation fault flaw was found in the Advancecomp package, which may lead to decreased availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the ImageMagick package, which can cause the application to crash. This can be exploited by an attacker to disrupt service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** bash (affected versions not specified) **Description** The issue is related to a heap-buffer overflow in the `valid parameter transform` function of the bash package, which can lead to memory problems. This can potentially allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WildFly (affected versions not specified) **Description** A flaw was found in WildFly, allowing an attacker to see deployment names, endpoints, and any other data the trace payload may contain. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** satellite (affected versions not specified) **Description** A flaw was found that grants excessive permissions when giving granular permission related to the organization, allowing a user to view and manage other organizations. This poses a significant threat to data confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's implementation of IO-URING, allowing an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. The flaw is related to the use of memory after it has been freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free flaw was found in the Linux kernel in log replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem, potentially allowing an attacker to access confidential data and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swaylock versions prior to 1.6 **Description** The issue allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor. **Recommendations** For versions prior to 1.6, update to version 1.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 17.0.0 **Description** A POST based reflected Cross Site Scripting vulnerability has been identified in Keycloak. The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. The vulnerability can be exploited via a reflected XSS attack. **Recommendations** For Keycloak versions prior to 17.0.0, update to version 17.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to vulnerable API endpoints until a patch is available. Avoid using the `Content-Type` header with the value `application/json` in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** python-oslo-utils (affected versions not specified) **Description** A flaw was found in python-oslo-utils due to improper parsing. Passwords with a double quote (") in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.9 Linux kernel versions prior to 5.15.23 Linux kernel versions prior to 5.10.100 Linux kernel versions prior to 5.4.179 Linux kernel versions prior to 4.19.229 Linux kernel versions prior to 4.14.266 Linux kernel versions prior to 4.9.301 **Description** The issue is related to a stack overflow flaw in the Linux kernel's TIPC protocol functionality. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. The vulnerability is caused by a lack of validation of the number of domain member nodes, which can lead to a buffer overflow. The vulnerability can be exploited by sending a specially crafted network packet with a high number of domain member nodes. The issue affects systems with the TIPC module loaded and the TIPC bearer enabled, which is typically used in clusters and not enabled by default in non-specialized Linux distributions. **Recommendations** For Linux kernel versions prior to 5.16.9, update to version 5.16.9 or later. For Linux kernel versions prior to 5.15.23, update to version 5.15.23 or later. For Linux kernel versions prior to 5.10.100, update to version 5.10.100 or later. For Linux kernel versions prior to 5.4.179, update to version 5.4.179 or later. For Linux kernel versions prior to 4.19.229, update to version 4.19.229 or later. For Linux kernel versions prior to 4.14.266, update to version 4.14.266 or later. For Linux kernel versions prior to 4.9.301, update to version 4.9.301 or later. As a temporary workaround, consider disabling the TIPC module until a patch is available. Restrict access to the TIPC network to minimize the risk of exploitation. Avoid using the TIPC protocol until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the smb2 ioctl query info function in the Linux kernel's Common Internet File System (CIFS), specifically due to an incorrect return from the memdup user function. This flaw allows a local, privileged attacker to crash the system, resulting in a denial of service. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: kiali-operator versions prior to 1.33.0 kiali-operator versions prior to 1.24.7 Description: An incorrect access control flaw was found in the kiali-operator. This flaw allows an attacker with a basic level of access to the cluster to deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this flaw is to data confidentiality and integrity as well as system availability. Recommendations: For versions prior to 1.33.0, update to version 1.33.0 or later. For versions prior to 1.24.7, update to version 1.24.7 or later. As a temporary workaround, consider restricting access to the cluster to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A flaw in ImageMagick is caused by the improper use of open functions, leading to a denial of service. This issue allows an attacker to crash the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ovirt-engine versions 4.4.3 and earlier **Description** A flaw in ovirt-engine allows an authenticated user to read other users' personal information, including name, email, and public SSH key. This issue is related to information disclosure. **Recommendations** For ovirt-engine versions 4.4.3 and earlier, update to a version later than 4.4.3 to resolve the issue. As a temporary workaround, consider restricting access to personal information until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Keycloak versions prior to 11.0.0 **Description** A flaw was found in the code base where usages of ObjectInputStream are without type checks. This allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. **Recommendations** For versions prior to 11.0.0, update to version 11.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ObjectInputStream usage to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow in the Direct IO function of the Linux kernel, which can be exploited to gain unauthorized access to protected information or cause a denial of service. This flaw can lead to the NFS client crashing and, in some cases, cause a kernel panic after a memory allocation by kmalloc. The primary threats posed by this issue are to data confidentiality and system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions up to and including 4.2.0 **Description** The issue is related to an out-of-bounds heap buffer access in the ARM Generic Interrupt Controller emulator of QEMU. This occurs because the interrupt ID written to the controller memory area is not masked to be 4 bits wide, potentially leading to issues when updating controller state fields and their subsequent processing. A privileged guest user may exploit this to crash the QEMU process on the host, resulting in a denial-of-service scenario. **Recommendations** For QEMU versions up to and including 4.2.0, consider updating to a version where this issue is fixed, as the current version may allow a privileged guest user to crash the QEMU process, leading to a denial-of-service scenario. At the moment, there is no information about a newer version that contains a fix for this vulnerability.