Enterprise Linux Server
by Red Hat
CVEs (1,624)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-0902 | Hig | 0.46 | 8.1 | 0.05 | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. | ||
| CVE-2014-0143 | Hig | 0.46 | 7.0 | 0.00 | Aug 10, 2017 | Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in… | ||
| CVE-2017-1000376 | Hig | 0.46 | 7.0 | 0.01 | Jun 19, 2017 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be… | ||
| CVE-2016-0721 | Hig | 0.46 | 8.1 | 0.02 | Apr 21, 2017 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | ||
| CVE-2016-4989 | Hig | 0.46 | 7.0 | 0.00 | Apr 11, 2017 | setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3)… | ||
| CVE-2016-4446 | Hig | 0.46 | 7.0 | 0.00 | Apr 11, 2017 | The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function. | ||
| CVE-2016-4445 | Hig | 0.46 | 7.0 | 0.00 | Apr 11, 2017 | The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function. | ||
| CVE-2016-4444 | Hig | 0.46 | 7.0 | 0.00 | Apr 11, 2017 | The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function. | ||
| CVE-2016-2150 | Hig | 0.46 | 7.1 | 0.00 | Jun 9, 2016 | SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261. | ||
| CVE-2015-5261 | Hig | 0.46 | 7.1 | 0.00 | Jun 7, 2016 | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation. | ||
| CVE-2016-1762 | Hig | 0.46 | 8.1 | 0.06 | Mar 24, 2016 | The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||
| CVE-2014-0196 | Med | 0.46 | 5.5 | 0.22 | KEV | May 7, 2014 | The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering… | |
| CVE-2009-3939 | Hig | 0.46 | 7.1 | 0.00 | Nov 16, 2009 | The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. | ||
| CVE-2026-3012 | Hig | 0.45 | 8.0 | 0.00 | May 27, 2026 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An… | ||
| CVE-2016-6170 | Med | 0.45 | 6.5 | 0.41 | Jul 6, 2016 | ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via… | ||
| CVE-2023-4001 | Med | 0.44 | 6.8 | 0.01 | Jan 15, 2024 | An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB… | ||
| CVE-2023-6238 | Med | 0.44 | 6.7 | 0.00 | Nov 21, 2023 | A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing… | ||
| CVE-2023-39192 | Med | 0.44 | 6.7 | 0.00 | Oct 9, 2023 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array… | ||
| CVE-2022-4318 | Hig | 0.44 | 7.8 | 0.00 | Sep 25, 2023 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | ||
| CVE-2023-4394 | Med | 0.44 | 6.7 | 0.00 | Aug 17, 2023 | A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information |
- risk 0.46cvss 8.1epss 0.05
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
- risk 0.46cvss 7.0epss 0.00
Multiple integer overflows in the block drivers in QEMU, possibly before 2.0.0, allow local users to cause a denial of service (crash) via a crafted catalog size in (1) the parallels_open function in block/parallels.c or (2) bochs_open function in bochs.c, a large L1 table in…
- risk 0.46cvss 7.0epss 0.01
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be…
- risk 0.46cvss 8.1epss 0.02
Session fixation vulnerability in pcsd in pcs before 0.9.157.
- risk 0.46cvss 7.0epss 0.00
setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a crafted (2) local_id or (3)…
- risk 0.46cvss 7.0epss 0.00
The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.
- risk 0.46cvss 7.0epss 0.00
The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutput function.
- risk 0.46cvss 7.0epss 0.00
The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.
- risk 0.46cvss 7.1epss 0.00
SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.
- risk 0.46cvss 7.1epss 0.00
Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to read and write to arbitrary memory locations on the host via guest QXL commands related to surface creation.
- risk 0.46cvss 8.1epss 0.06
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
- risk 0.46cvss 5.5epss 0.22
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering…
- risk 0.46cvss 7.1epss 0.00
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
- risk 0.45cvss 8.0epss 0.00
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An…
- risk 0.45cvss 6.5epss 0.41
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via…
- risk 0.44cvss 6.8epss 0.01
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB…
- risk 0.44cvss 6.7epss 0.00
A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing…
- risk 0.44cvss 6.7epss 0.00
A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array…
- risk 0.44cvss 7.8epss 0.00
A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable.
- risk 0.44cvss 6.7epss 0.00
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
Page 24 of 82