Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 1416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3596 4 Debian, Fedoraproject, Imagemagick and 1 more 4 Debian Linux, Fedora, Imagemagick and 1 more 2022-07-01 4.3 MEDIUM 6.5 MEDIUM
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
CVE-2021-3657 3 Fedoraproject, Isync Project, Redhat 3 Fedora, Isync, Enterprise Linux 2022-07-01 7.5 HIGH 9.8 CRITICAL
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.
CVE-2021-3578 3 Fedoraproject, Mbsync Project, Redhat 6 Fedora, Mysync, Enterprise Linux and 3 more 2022-07-01 7.2 HIGH 7.8 HIGH
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client.
CVE-2022-1353 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2022-07-01 3.6 LOW 7.1 HIGH
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2015-0411 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2022-07-01 7.5 HIGH N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
CVE-2016-3471 3 Mariadb, Oracle, Redhat 3 Mariadb, Mysql, Enterprise Linux 2022-07-01 7.1 HIGH 7.5 HIGH
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
CVE-2012-3177 5 Canonical, Debian, Mariadb and 2 more 9 Ubuntu Linux, Debian Linux, Mariadb and 6 more 2022-07-01 6.8 MEDIUM N/A
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
CVE-2021-3737 5 Canonical, Fedoraproject, Netapp and 2 more 14 Ubuntu Linux, Fedora, Hci and 11 more 2022-07-01 7.1 HIGH 7.5 HIGH
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVE-2022-32547 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2022-06-30 6.8 MEDIUM 7.8 HIGH
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.
CVE-2022-32546 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2022-06-30 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2020-1712 2 Redhat, Systemd Project 6 Ceph Storage, Discovery, Enterprise Linux and 3 more 2022-06-30 4.6 MEDIUM 7.8 HIGH
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
CVE-2022-32545 3 Fedoraproject, Imagemagick, Redhat 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more 2022-06-30 6.8 MEDIUM 7.8 HIGH
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior.
CVE-2018-10237 3 Google, Oracle, Redhat 18 Guava, Banking Payments, Communications Ip Service Activator and 15 more 2022-06-29 4.3 MEDIUM 5.9 MEDIUM
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CVE-2022-1048 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2022-06-29 6.9 MEDIUM 7.0 HIGH
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-1665 1 Redhat 1 Enterprise Linux 2022-06-29 4.6 MEDIUM 8.8 HIGH
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.
CVE-2014-4650 2 Python, Redhat 3 Python, Enterprise Linux, Software Collections 2022-06-27 7.5 HIGH 9.8 CRITICAL
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator.
CVE-2021-3750 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2022-06-24 4.6 MEDIUM 8.2 HIGH
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
CVE-2021-3611 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2022-06-24 2.1 LOW 6.5 MEDIUM
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
CVE-2022-1998 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2022-06-15 7.2 HIGH 7.8 HIGH
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-1652 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2022-06-15 7.2 HIGH 7.8 HIGH
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.