VYPR

Enterprise Linux Server

by Red Hat

CVEs (1,623)

  • CVE-2026-5121HigMar 30, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could…

  • CVE-2026-2436MedMar 26, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection…

  • CVE-2026-4424HigMar 19, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a…

  • CVE-2025-12801MedMar 4, 2026
    risk 0.42cvss 6.5epss 0.00

    A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or…

  • CVE-2025-32990MedJul 10, 2025
    risk 0.42cvss 6.5epss 0.01

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory…

  • CVE-2025-5351MedJul 4, 2025
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free…

  • CVE-2025-6021HigJun 12, 2025
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

  • CVE-2024-12088MedJan 14, 2025
    risk 0.42cvss 6.5epss 0.05

    A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary…

  • CVE-2023-6240MedFeb 4, 2024
    risk 0.42cvss 6.5epss 0.01

    A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.

  • CVE-2023-6683MedJan 12, 2024
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference.…

  • CVE-2023-5455MedJan 10, 2024
    risk 0.42cvss 6.5epss 0.01

    A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system…

  • CVE-2023-6277MedNov 24, 2023
    risk 0.42cvss 6.5epss 0.02

    An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.

  • CVE-2023-5088MedNov 3, 2023
    risk 0.42cvss 6.4epss 0.00

    A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk…

  • CVE-2023-4091MedNov 3, 2023
    risk 0.42cvss 6.5epss 0.01

    A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client…

  • CVE-2023-1193MedNov 1, 2023
    risk 0.42cvss 6.5epss 0.01

    A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

  • CVE-2023-42755MedOct 5, 2023
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system…

  • CVE-2022-4244HigSep 25, 2023
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file…

  • CVE-2023-5158MedSep 25, 2023
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor.

  • CVE-2023-4527MedSep 18, 2023
    risk 0.42cvss 6.5epss 0.02

    A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function…

  • CVE-2023-3255MedSep 13, 2023
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is…

Page 27 of 82