Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 65 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1048 3 Fedoraproject, Gnu, Redhat 3 Fedora, Grub2, Enterprise Linux 2024-03-21 N/A 3.3 LOW
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.
CVE-2015-2877 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-03-21 2.1 LOW 3.3 LOW
Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities
CVE-2023-4535 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2024-02-23 N/A 3.8 LOW
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.
CVE-2024-0217 3 Fedoraproject, Packagekit Project, Redhat 3 Fedora, Packagekit, Enterprise Linux 2024-02-02 N/A 3.3 LOW
A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.
CVE-2023-2602 4 Debian, Fedoraproject, Libcap Project and 1 more 4 Debian Linux, Fedora, Libcap and 1 more 2023-12-10 N/A 3.3 LOW
A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.
CVE-2023-1513 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-12-10 N/A 3.3 LOW
A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.
CVE-2021-3923 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-12-10 N/A 2.3 LOW
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
CVE-2022-41862 3 Fedoraproject, Postgresql, Redhat 6 Fedora, Postgresql, Enterprise Linux and 3 more 2023-12-10 N/A 3.7 LOW
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.
CVE-2020-14394 3 Fedoraproject, Qemu, Redhat 5 Extra Packages For Enterprise Linux, Fedora, Qemu and 2 more 2023-12-10 N/A 3.2 LOW
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
CVE-2021-4217 3 Fedoraproject, Redhat, Unzip Project 3 Fedora, Enterprise Linux, Unzip 2023-12-10 N/A 3.3 LOW
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
CVE-2021-3716 2 Nbdkit Project, Redhat 2 Nbdkit, Enterprise Linux 2023-12-10 3.5 LOW 3.1 LOW
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVE-2020-35501 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2023-12-10 3.6 LOW 3.4 LOW
A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem
CVE-2022-0987 2 Packagekit Project, Redhat 2 Packagekit, Enterprise Linux 2023-12-10 2.1 LOW 3.3 LOW
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
CVE-2021-3593 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2023-12-10 2.1 LOW 3.8 LOW
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-20239 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2023-12-10 2.1 LOW 3.3 LOW
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3594 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2023-12-10 2.1 LOW 3.8 LOW
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2021-3655 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2023-12-10 2.1 LOW 3.3 LOW
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-3592 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2023-12-10 2.1 LOW 3.8 LOW
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
CVE-2020-1702 2 Containers-image Project, Redhat 2 Containers-image, Enterprise Linux 2023-12-10 4.3 MEDIUM 3.3 LOW
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
CVE-2021-3595 4 Debian, Fedoraproject, Libslirp Project and 1 more 4 Debian Linux, Fedora, Libslirp and 1 more 2023-12-10 2.1 LOW 3.8 LOW
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.