VYPR

Vendor CVEs

Red Hat

All CVEs

3,692 total · sorted by risk
  • CVE-2025-26600HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

  • CVE-2025-26599HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before,…

  • CVE-2025-26598HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the…

  • CVE-2025-26597HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a…

  • CVE-2025-26596HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

  • CVE-2025-26595HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of…

  • CVE-2025-26594HigFeb 25, 2025
    risk 0.51cvss 7.8epss 0.00

    A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

  • CVE-2024-52336HigNov 26, 2024
    risk 0.51cvss 7.8epss 0.00

    A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post`…

  • CVE-2024-9050HigOct 22, 2024
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special…

  • CVE-2016-7066HigSep 11, 2018
    risk 0.51cvss 7.8epss 0.00

    It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

  • CVE-2016-8657HigJul 31, 2018
    risk 0.51cvss 7.8epss 0.00

    It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat…

  • CVE-2017-15101HigJul 27, 2018
    risk 0.51cvss 7.8epss 0.02

    A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution.

  • CVE-2018-10905HigJul 24, 2018
    risk 0.51cvss 7.8epss 0.00

    CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user.

  • CVE-2017-12189HigJan 10, 2018
    risk 0.51cvss 7.8epss 0.00

    It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.

  • CVE-2017-15131HigJan 9, 2018
    risk 0.51cvss 7.8epss 0.00

    It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

  • CVE-2013-4364HigJan 8, 2018
    risk 0.51cvss 7.8epss 0.00

    (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.

  • CVE-2017-15103HigDec 18, 2017
    risk 0.51cvss 8.8epss 0.06

    A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege…

  • CVE-2017-16997HigDec 18, 2017
    risk 0.51cvss 7.8epss 0.03

    elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory,…

  • CVE-2015-7529HigNov 6, 2017
    risk 0.51cvss 7.8epss 0.00

    sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.

  • CVE-2017-1000111HigOct 5, 2017
    risk 0.51cvss 7.8epss 0.00

    Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with…

  • CVE-2017-7980HigJul 25, 2017
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.

  • CVE-2016-7062HigJun 27, 2017
    risk 0.51cvss 7.8epss 0.00

    rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext.

  • CVE-2015-1795HigJun 27, 2017
    risk 0.51cvss 7.8epss 0.00

    Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.

  • CVE-2017-9776HigJun 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.

  • CVE-2017-5039HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5037HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.

  • CVE-2017-5036HigApr 24, 2017
    risk 0.51cvss 7.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.

  • CVE-2016-9560HigFeb 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2016-2568HigFeb 13, 2017
    risk 0.51cvss 7.8epss 0.00

    pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

  • CVE-2016-9675HigDec 22, 2016
    risk 0.51cvss 7.8epss 0.02

    openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.

  • CVE-2016-6325HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

  • CVE-2016-4302HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.

  • CVE-2016-4300HigSep 21, 2016
    risk 0.51cvss 7.8epss 0.05

    Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.

  • CVE-2016-2160HigJun 8, 2016
    risk 0.51cvss 8.8epss 0.04

    Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.

  • CVE-2015-5260HigJun 7, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

  • CVE-2016-5126HigJun 1, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call.

  • CVE-2016-4805HigMay 23, 2016
    risk 0.51cvss 7.8epss 0.00

    Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to…

  • CVE-2016-2109HigMay 5, 2016
    risk 0.51cvss 7.5epss 0.29

    The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

  • CVE-2016-2106HigMay 5, 2016
    risk 0.51cvss 7.5epss 0.27

    Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

  • CVE-2011-2525HigFeb 2, 2012
    risk 0.51cvss 7.8epss 0.01

    The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or…

  • CVE-2011-2520HigJul 21, 2011
    risk 0.51cvss 7.8epss 0.00

    fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

  • CVE-2009-3620HigOct 22, 2009
    risk 0.51cvss 7.8epss 0.00

    The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges…

  • CVE-2026-42965HigMay 29, 2026
    risk 0.50cvss 7.7epss 0.00

    A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN (Fully Qualified Domain Name) EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy…

  • CVE-2026-28369HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote…

  • CVE-2026-28368HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request…

  • CVE-2026-28367HigMar 27, 2026
    risk 0.50cvss 8.7epss 0.01

    A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic…

  • CVE-2025-5962HigSep 22, 2025
    risk 0.50cvss 7.7epss 0.00

    A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusing inter-process communication calls to the history service, an attacker can…

  • CVE-2018-10893HigSep 11, 2018
    risk 0.50cvss 7.6epss 0.02

    Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

  • CVE-2018-1074HigApr 26, 2018
    risk 0.50cvss 7.7epss 0.01

    ovirt-engine API and administration web portal before versions 4.2.2.5, 4.1.11.2 is vulnerable to an exposure of Power Management credentials, including cleartext passwords to Host Administrators. A Host Administrator could use this flaw to gain access to the power management…

  • CVE-2014-0120HigDec 29, 2017
    risk 0.50cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."

Page 10 of 74