redhat-virtualization-host-image-update vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the redhat-virtualization-host-image-update package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Insufficient Verification of Data Authenticity	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
H Insufficiently Protected Credentials	<0:4.3.5-20190722.0.el7_7
H Incorrect Authorization	<0:4.2-20190219.0.el7_6
M Untrusted Search Path	<0:4.2-20180724.0.el7_5
M Improper Input Validation	<0:4.2-20180724.0.el7_5
M Information Exposure Through Log Files	<0:4.2-20180622.0.el7_5
M Double Free	*
M Use After Free	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
L Access of Resource Using Incompatible Type ('Type Confusion')	*
M Memory Leak	*
M CVE-2022-38090	*
M Incorrect Calculation	*
M Information Exposure	*
H Use After Free	<0:4.3.23-20220622.0.el7_9
M Arbitrary Command Injection	*
H Use After Free	<0:4.3.23-20220622.0.el7_9
H Out-of-bounds Write	<0:4.3.23-20220622.0.el7_9
M Arbitrary Command Injection	*
H Incorrect Behavior Order: Early Validation	<0:4.3.23-20220622.0.el7_9
M Missing Initialization of Resource	*
H Out-of-Bounds	<0:4.3.23-20220622.0.el7_9
M Use After Free	*
H Loop with Unreachable Exit Condition ('Infinite Loop')	<0:4.3.22-20220330.1.el7_9
M Race Condition	*
H Use After Free	*
H SQL Injection	<0:4.3.22-20220330.1.el7_9
H Incorrect Behavior Order: Early Validation	<0:4.3.22-20220330.1.el7_9
H Integer Overflow or Wraparound	<0:4.3.22-20220330.1.el7_9
H Inappropriate Encoding for Output Context	<0:4.3.22-20220330.1.el7_9
H Use After Free	<0:4.3.22-20220330.1.el7_9
H Out-of-bounds Read	<0:4.3.21-20220126.0.el7_9
H Improper Preservation of Permissions	<0:4.3.22-20220330.1.el7_9
H Out-of-bounds Write	<0:4.3.22-20220330.1.el7_9
H Incorrect Calculation of Buffer Size	<0:4.3.22-20220330.1.el7_9
H Race Condition	<0:4.3.22-20220330.1.el7_9
H Use After Free	*
H Use After Free	<0:4.3.22-20220330.1.el7_9
C Buffer Overflow	<0:4.3.20-20211202.1.el7_9
H Use After Free	<0:4.3.22-20220330.1.el7_9
H Improper Input Validation	<0:4.3.21-20220126.0.el7_9
M Improper Input Validation	<0:4.2-20181121.0.el7_6
M Out-of-bounds Read	*
M Improper Input Validation	*
H Incorrect Privilege Assignment	<0:4.1-20180426.0.el7_5
M Allocation of Resources Without Limits or Throttling	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Resource Exhaustion	<0:4.2-20181026.0.el7_6
M Directory Traversal	<0:4.2-20181026.0.el7_6
M Heap-based Buffer Overflow	<0:4.2-20181026.0.el7_6
M Buffer Overflow	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Link Following	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Information Exposure	<0:4.2-20181026.0.el7_6
M NULL Pointer Dereference	<0:4.2-20181026.0.el7_6
M Stack-based Buffer Overflow	<0:4.2-20181026.0.el7_6
M Untrusted Search Path	<0:4.2-20181026.0.el7_6
H Buffer Overflow	<0:4.3.12-20201216.0.el7_9
H Use After Free	<0:4.3.18-20210903.0.el7_9
H Arbitrary Command Injection	<0:4.3.18-20210903.0.el7_9
H Integer Overflow or Wraparound	<0:4.3.5-20190722.0.el7_7
L Out-of-bounds Read	*
H Off-by-one Error	<0:4.2-20190219.0.el7_6
M Missing Initialization of Resource	<0:4.3-20190610.0.el7_6
M Allocation of Resources Without Limits or Throttling	<0:4.2-20190129.0.el7_6
M Allocation of Resources Without Limits or Throttling	<0:4.2-20190129.0.el7_6
M Authentication Bypass by Primary Weakness	<0:4.2-20181026.0.el7_6
M Deserialization of Untrusted Data	<0:4.2-20181026.0.el7_6
M Improper Input Validation	<0:4.2-20181026.0.el7_6
M Out-of-Bounds	<0:4.2-20181026.0.el7_6
H Sensitive Information Uncleared Before Release	<0:4.2-20180813.0.el7_5
H Arbitrary Command Injection	<0:4.2-20180508.0.el7_5
H Integer Overflow or Wraparound	<0:4.2-20180531.0.el7_5
H Integer Overflow or Wraparound	<0:4.2-20180531.0.el7_5
H Resource Exhaustion	<0:4.2-20180813.0.el7_5
H Sensitive Information Uncleared Before Release	<0:4.2-20180813.0.el7_5
H Out-of-bounds Write	<0:4.3.17-20210713.0.el7_9
H Directory Traversal	<0:4.2-20180828.2.el7_5
H Sensitive Information Uncleared Before Release	<0:4.2-20180518.2.el7_5
H Execution with Unnecessary Privileges	<0:4.2-20180508.0.el7_5
H Execution with Unnecessary Privileges	<0:4.2-20180508.0.el7_5
H Use After Free	<0:4.3.17-20210713.0.el7_9
H Incomplete Cleanup	<0:4.3.16-20210615.0.el7_9
H Incorrect Conversion between Numeric Types	<0:4.1-20170816.2.el7_4
M Improper Input Validation	<0:4.0-20170307.1.el7_3
M Improper Input Validation	<0:4.0-20170307.1.el7_3
H Out-of-bounds Read	<0:4.3.11-20200922.0.el7_9
H Out-of-bounds Write	<0:4.3.11-20200922.0.el7_9
H Integer Overflow or Wraparound	<0:4.3.16-20210615.0.el7_9
H Heap-based Buffer Overflow	<0:4.3.13-20210127.0.el7_9
H Out-of-Bounds	<0:4.3.16-20210615.0.el7_9
H Improperly Implemented Security Check for Standard	<0:4.3.13-20210127.0.el7_9
H Sensitive Information Uncleared Before Release	<0:4.3.6-20191108.0.el7_7
H Sensitive Information Uncleared Before Release	<0:4.3.6-20191108.0.el7_7
H Authentication Bypass	<0:4.3.13-20210127.0.el7_9
H Inadequate Encryption Strength	<0:4.3.13-20210127.0.el7_9
H Improper Privilege Management	<0:4.3.5-20190722.0.el7_7
H Race Condition	<0:4.3.18-20210903.0.el7_9
M Improper Neutralization of Special Elements	*
M Directory Traversal	*
H Stack-based Buffer Overflow	<0:4.3.5-20190722.0.el7_7
M Improper Authentication	*
L Integer Overflow or Wraparound	*
M NULL Pointer Dereference	<0:4.3.9-20200324.0.el7_8
H Buffer Overflow	<0:4.3.5-20190920.0.el7_7
M Covert Timing Channel	<0:4.3.6-20190924.0.el7_7
M NULL Pointer Dereference	*
H Improper Access Control	<0:4.3.4-20190620.3.el7_6
H Improper Access Control	<0:4.3.4-20190620.3.el7_6
H Improper Access Control	<0:4.3.4-20190620.3.el7_6
H Improper Access Control	<0:4.3.4-20190620.3.el7_6
H Integer Overflow or Wraparound	<0:4.3.4-20190620.3.el7_6
H Resource Exhaustion	<0:4.3.4-20190620.3.el7_6
H Resource Exhaustion	<0:4.3.4-20190620.3.el7_6
H Out-of-bounds Read	<0:4.3-20190418.0.el7_6
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
H Sensitive Information Uncleared Before Release	<0:4.3-20190512.0.el7_6
H Information Exposure	<0:4.3-20190512.0.el7_6
H Sensitive Information Uncleared Before Release	<0:4.3-20190512.0.el7_6
H Sensitive Information Uncleared Before Release	<0:4.3-20190512.0.el7_6
H Improper Input Validation	<0:4.2-20190219.0.el7_6
H Encoding Error	<0:4.2-20190411.1.el7_6
H Improper Input Validation	<0:4.3.18-20210903.0.el7_9
H Out-of-bounds Write	<0:4.3.18-20210903.0.el7_9
M Incorrect Authorization	<0:4.3.19-20211013.0.el7_9
C Use After Free	<0:4.3.20-20211202.1.el7_9
M Resource Exhaustion	<0:4.3.14-20210322.0.el7_9
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Out-of-bounds Read	*
L Improper Handling of Length Parameter Inconsistency	*
H Missing Required Cryptographic Step	<0:4.3.5-20190722.0.el7_7
H Encoding Error	<0:4.3.5-20190722.0.el7_7
M Information Exposure	<0:4.3-20190409.0.el7_6
M Information Exposure	*
M Information Exposure	*
M Information Exposure	*

redhat-virtualization-host-image-update vulnerabilities

Direct Vulnerabilities

How to fix?