Tej Rathi

Name of the Vulnerable Software and Affected Versions: Poppler (affected versions not specified) Description: A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using the `-dests` parameter with the `pdfinfo` utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in Keycloak's OIDC component in the `checkLoginIframe`, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified) Description: A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. The vulnerability exists due to the lack of protection of the web page structure, which can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete Keycloak instance. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Nano (affected versions not specified) **Description** A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. The vulnerability is related to errors in handling temporary files, which can be exploited to impact data integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xorg-server (affected versions not specified) **Description** The issue is related to a heap-based buffer over-read vulnerability in the `ProcXIGetSelectedEvents()` function of the X.org server. This occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, especially when triggered by a client with a different endianness. An attacker could exploit this to cause the X server to read heap memory values and transmit them back to the client until encountering an unmapped page, resulting in a crash. Although the attacker cannot control the specific memory copied into the replies, small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xorg servers (affected versions not specified) **Description** A use-after-free vulnerability was found in the `ProcRenderAddGlyphs()` function of Xorg servers. This issue occurs when `AllocateGlyph()` is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently, `ProcRenderAddGlyphs()` may free a glyph, leading to a use-after-free scenario when the same glyph pointer is subsequently accessed. This flaw allows an authenticated attacker to execute arbitrary code on the system by sending a specially crafted request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xorg-server (affected versions not specified) **Description** The issue is related to a heap-based buffer over-read vulnerability in the ProcXIPassiveGrabDevice() function of the Xorg-server. This vulnerability occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, especially when triggered by a client with a different endianness. An attacker could exploit this to cause the X server to read heap memory values and transmit them back to the client until encountering an unmapped page, resulting in a crash. Although the attacker cannot control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unbound (affected versions not specified) **Description** A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSC (affected versions not specified) **Description** An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSC (affected versions not specified) **Description** The issue is related to several memory vulnerabilities within the OpenSC packages, specifically in the card enrollment process using pkcs15-init. An attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSC (affected versions not specified) **Description** A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** subscription-manager (affected versions not specified) **Description** A flaw in the authorization procedure of the D-Bus interface com.redhat.RHSM1 allows local privilege escalation. The interface exposes several methods to all users, which can change the state of the registration. By using the `com.redhat.RHSM1.Config.SetAll()` method, a low-privileged local user can tamper with the registration state, potentially unregistering the system or changing current entitlements. This issue can be exploited to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, leading to local privilege escalation to an unconfined root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** insights-client (affected versions not specified) **Description** A security issue occurs due to insecure file operations or unsafe handling of temporary files and directories, leading to local privilege escalation. An unprivileged local user or attacker could create the /var/tmp/insights-client directory with read, write, and execute permissions before the insights-client is registered by root. After registration, an attacker could control the directory content by putting malicious scripts into it and executing arbitrary code as root, bypassing SELinux protections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba (affected versions not specified) **Description** The issue is related to an out-of-bounds read vulnerability in Samba due to insufficient length checks in the `winbindd pam auth crap.c` component. This vulnerability can be exploited when performing NTLM authentication, as the client replies to cryptographic challenges back to the server with variable lengths, and Winbind fails to check the lan manager response length. A maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** A flaw was found in libtiff, where a specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the `Fax3Encode` function in libtiff/tif fax3.c, resulting in a denial of service. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A flaw was found in the 9p passthrough filesystem (9pfs) implementation. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. This issue may allow an attacker to bypass existing access restriction policies. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG (affected versions not specified) **Description** A flaw in OpenJPEG allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. The vulnerability is related to uncontrolled resource consumption, which can be exploited by an attacker to cause a denial of service using a specially crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libreswan (affected versions not specified) **Description** A security issue was found in the libreswan library. This occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This issue exists due to a security regression in the libreswan package. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Linux (affected versions not specified) **Description** The issue is related to inadequate access control in the operating system, which can be exploited by a remote attacker to gain unauthorized access to limited functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.