Riccardo Schirone

**Name of the Vulnerable Software and Affected Versions** No information is available about the vulnerable software and its affected versions. **Description** No detailed information is provided about the issue, except that it is referred to as 'Уязвимость CVE-2021-20325'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** redhat-certification version 7 **Description** The issue allows an unauthenticated user to perform a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host, due to the improper restriction of recursive definitions of entities in XML documents. **Recommendations** For redhat-certification version 7, consider restricting or disabling the XMLRPC methods to minimize the risk of exploitation until a proper fix is available.

**Name of the Vulnerable Software and Affected Versions** redhat-certification version 7 **Description** The issue concerns the /configuration view of redhat-certification, which fails to perform an authorization check. This allows an unauthenticated user to remove a system file, specifically an XML file containing host-related information that does not belong to them. **Recommendations** For redhat-certification version 7, consider restricting access to the /configuration view to prevent unauthorized removal of system files until a proper authorization check is implemented. As a temporary workaround, restrict access to the system XML files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** redhat-certification version 7 **Description** The issue concerns the /configuration view, which lacks an authorization check. This allows an unauthenticated user to invoke a restart RPC method on any accessible host, regardless of ownership. **Recommendations** For redhat-certification version 7, consider restricting access to the /configuration view until a proper authorization check is implemented to prevent unauthorized RPC method calls. As a temporary workaround, restrict access to the restart RPC method to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** redhat-certification version 7 **Description** The issue is related to improper configuration, which allows listing of all files and directories in the /var/www/rhcert/store/transfer directory through the "/rhcert-transfer" API endpoint. This could be exploited by an unauthorized attacker to gather sensitive information. **Recommendations** For redhat-certification version 7, restrict access to the /rhcert-transfer URL to prevent unauthorized listing of files and directories.

Name of the Vulnerable Software and Affected Versions: stunnel versions prior to 5.57 Description: A flaw was found in stunnel where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. Recommendations: For versions prior to 5.57, update to version 5.57 or later to resolve the issue. As a temporary workaround, consider disabling the use of both redirect and verifyChain options together until a patch is available. Restrict access to the tunneled service to minimize the risk of exploitation. Avoid using the redirect option with verifyChain until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 31 **Description** A flaw was found in the default configuration of dnsmasq, where it listens on any interface and accepts queries from addresses outside of its local subnet. The option `local-service` is not enabled, which may inadvertently make it an open resolver accessible from any address on the internet. This allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. **Recommendations** For versions prior to 31, enable the `local-service` option to prevent dnsmasq from listening on any interface and accepting queries from outside its local subnet. As a temporary workaround, consider restricting access to the dnsmasq service to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: podman versions prior to 1.7.0 Description: A flaw was found in podman where file permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. Although it does not allow direct escape from the container, the fact that it is a privileged container means many security features are disabled. The highest threat from this issue is to data confidentiality and integrity as well as system availability. Recommendations: For podman versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of privileged containers to minimize the risk of exploitation. Additionally, ensure that access to sensitive files within the container is tightly controlled and monitored.

**Name of the Vulnerable Software and Affected Versions** Podman versions 1.6.0 and later **Description** A flaw was discovered in Podman where it incorrectly allows containers to overwrite existing files in volumes, even if they are mounted as read-only. This issue can be triggered when a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, allowing the overwrite of files in the volume. **Recommendations** For Podman versions 1.6.0 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** psutil versions through 5.6.5 **Description** The issue is related to a double free error in the Psutil library, which is used for tracking computer resources. This error occurs due to incorrect reference count handling when converting system data into a Python object within loops. Exploitation of this issue can allow a remote attacker to cause a denial of service. **Recommendations** For psutil versions through 5.6.5, update to a version later than 5.6.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SDL versions prior to 1.2.15 SDL versions 2.x prior to 2.0.9 **Description** A heap-based buffer overflow flaw exists while copying an existing surface into a new optimized one, due to a lack of validation while loading a BMP image. This issue affects applications that use SDL to parse untrusted input files, which could allow an attacker to make the application crash or execute code. **Recommendations** For SDL versions prior to 1.2.15, update to a version later than 1.2.15 to resolve the issue. For SDL versions 2.x prior to 2.0.9, update to a version later than 2.0.9 to resolve the issue. As a temporary workaround, consider restricting the use of SDL for parsing untrusted input files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 3.1 through 4.0.0 **Description** The issue is related to a security flaw in the `qemu-bridge-helper.c` function of the QEMU hardware emulator. This flaw can lead to an ACL bypass due to the lack of limitation on the network interface name size, which is obtained from `bridge.conf` or a `--br=bridge` option. The exploitation of this flaw may allow an attacker to gain unauthorized access to information, cause a denial of service, or impact the availability of information. **Recommendations** For QEMU versions 3.1 through 4.0.0, consider restricting access to the `qemu-bridge-helper.c` function until a patch is available. As a temporary workaround, limit the network interface name size to the `IFNAMSIZ` size to prevent potential ACL bypass. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** systemd version 240 **Description** The issue is related to the function `bus open system watch bind with description` in `shared/bus-util.c` of the Systemd daemon, which has inadequate access control. This can be exploited by an unprivileged user to elevate their privileges and modify DNS settings by executing restricted D-Bus methods. The `sd bus set trusted` call disables access controls for incoming D-Bus messages, allowing the exploitation. **Recommendations** For version 240, consider disabling the `bus open system watch bind with description` function as a temporary workaround until a patch is available. Restrict access to the `systemd-resolved` component to minimize the risk of exploitation. Avoid using the `sd bus set trusted` call in the affected D-Bus instance until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux versions since v219-62.2 **Description** A memory leak was discovered in the backport of fixes in Red Hat Enterprise Linux. The function `dispatch message real()` in `journald-server.c` does not free the memory allocated by `set iovec field free()` to store the ` CMDLINE=` entry. A local attacker may use this flaw to make `systemd-journald` crash, resulting in a denial of service. **Recommendations** For versions since v219-62.2, update to a version that includes the fix for the memory leak issue in the `dispatch message real()` function. As a temporary workaround, consider restricting access to the `systemd-journald` service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** redhat-certification (affected versions not specified) **Description** An uncontrolled resource consumption flaw has been discovered in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat certification (affected versions not specified) **Description** The issue is related to improper path sanitization in the `rhcertStore.py` module, specifically in the ` saveResultsFile` function. This could allow a remote attacker to overwrite any file, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** redhat-certification (affected versions not specified) **Description** The issue allows a remote attacker to download any file accessible by the user running httpd through the /download page, due to improper restriction of files by redhat-certification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.27.3 **Description** The issue is related to the `git delta apply` function in the delta.c component of libgit2, which is used for Git implementation in C. It involves an out of bound read due to an unexpected sign extension, potentially leading to an integer overflow. This could allow a remote attacker to access confidential data or cause a Denial of Service, possibly leaking memory addresses. **Recommendations** For versions prior to 0.27.3, update to version 0.27.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `git delta apply` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libgit2 versions prior to 0.27.3 **Description** The issue is related to a flaw in the git delta apply function within the delta.c file of libgit2, which can lead to an out-of-bound read while reading a binary delta file. This can be exploited by a remote attacker to cause a Denial of Service. **Recommendations** For versions prior to 0.27.3, update to version 0.27.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the git delta apply function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.7-28 **Description** The issue is related to an off-by-one read vulnerability in the `formatIPTCfromBuffer` function in `coders/meta.c`. This vulnerability allows an attacker to read beyond the end of the buffer or crash the program, potentially leading to unauthorized access to confidential data and denial of service. **Recommendations** For versions prior to 7.0.7-28, update to version 7.0.7-28 or later to resolve the issue. As a temporary workaround, consider restricting access to the `formatIPTCfromBuffer` function in `coders/meta.c` to minimize the risk of exploitation.