Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 1647 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-9788 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
CVE-2019-9810 2 Mozilla, Redhat 7 Firefox, Firefox Esr, Thunderbird and 4 more 2022-03-30 6.8 MEDIUM 8.8 HIGH
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
CVE-2019-16869 4 Canonical, Debian, Netty and 1 more 5 Ubuntu Linux, Debian Linux, Netty and 2 more 2022-03-30 5.0 MEDIUM 7.5 HIGH
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CVE-2019-13734 8 Canonical, Debian, Fedoraproject and 5 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2022-03-29 6.8 MEDIUM 8.8 HIGH
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-3935 4 Debian, Fedoraproject, Pgbouncer and 1 more 4 Debian Linux, Fedora, Pgbouncer and 1 more 2022-03-16 5.1 MEDIUM 8.1 HIGH
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
CVE-2021-3698 2 Cockpit-project, Redhat 2 Cockpit, Enterprise Linux 2022-03-14 5.0 MEDIUM 7.5 HIGH
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
CVE-2017-7536 1 Redhat 7 Enterprise Linux, Hibernate Validator, Jboss Enterprise Application Platform and 4 more 2022-03-10 4.4 MEDIUM 7.0 HIGH
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
CVE-2021-3716 2 Nbdkit Project, Redhat 2 Nbdkit, Enterprise Linux 2022-03-09 3.5 LOW 3.1 LOW
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the server, potentially leading the client to terminate the NBD session. The highest threat from this vulnerability is to system availability.
CVE-2021-20325 1 Redhat 1 Enterprise Linux 2022-03-08 10.0 HIGH 9.8 CRITICAL
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Red Hat Enterprise Linux 8.5.0 would be vulnerable to the mentioned CVEs, even if they were properly fixed in Red Hat Enterprise Linux 8.4. CVE-2021-20325 was assigned to that Red Hat specific security regression and it does not affect the upstream versions of httpd.
CVE-2022-23645 3 Fedoraproject, Redhat, Swtpm Project 3 Fedora, Enterprise Linux, Swtpm 2022-03-07 2.1 LOW 5.5 MEDIUM
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. There are currently no known workarounds.
CVE-2021-3610 3 Fedoraproject, Imagemagick, Redhat 3 Fedora, Imagemagick, Enterprise Linux 2022-03-07 5.0 MEDIUM 7.5 HIGH
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.
CVE-2021-20320 3 Fedoraproject, Linux, Redhat 3 Fedora, Linux Kernel, Enterprise Linux 2022-03-03 2.1 LOW 5.5 MEDIUM
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
CVE-2021-4024 3 Fedoraproject, Podman Project, Redhat 3 Fedora, Podman, Enterprise Linux 2022-03-01 6.4 MEDIUM 6.5 MEDIUM
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
CVE-2021-3516 6 Debian, Fedoraproject, Netapp and 3 more 9 Debian Linux, Fedora, Clustered Data Ontap and 6 more 2022-03-01 6.8 MEDIUM 7.8 HIGH
There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
CVE-2021-3551 4 Dogtagpki, Fedoraproject, Oracle and 1 more 12 Dogtagpki, Fedora, Linux and 9 more 2022-02-28 4.4 MEDIUM 7.8 HIGH
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
CVE-2006-5170 3 Debian, Fedoraproject, Redhat 8 Debian Linux, Fedora Core, Enterprise Linux and 5 more 2022-02-25 7.5 HIGH N/A
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.
CVE-2007-6283 4 Centos, Fedoraproject, Oracle and 1 more 9 Centos, Fedora Core, Linux and 6 more 2022-02-25 4.9 MEDIUM N/A
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
CVE-2020-25717 5 Canonical, Debian, Fedoraproject and 2 more 25 Ubuntu Linux, Debian Linux, Fedora and 22 more 2022-02-25 8.5 HIGH 8.1 HIGH
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.
CVE-2016-2141 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Jgroups 2022-02-25 7.5 HIGH 9.8 CRITICAL
JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.
CVE-2016-2124 5 Canonical, Debian, Fedoraproject and 2 more 24 Ubuntu Linux, Debian Linux, Fedora and 21 more 2022-02-25 4.3 MEDIUM 5.9 MEDIUM
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.