CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat » Enterprise Linux : Security Vulnerabilities (CVSS score between 4 and 4.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-30598 2022-05-18 2022-06-13
4.0
None Remote Low ??? Partial None None
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
2 CVE-2022-27666 787 Overflow 2022-03-23 2023-02-01
4.6
None Local Low Not required Partial Partial Partial
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
3 CVE-2022-27651 276 2022-04-04 2022-09-03
4.9
None Remote Medium ??? Partial Partial None
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
4 CVE-2022-21682 22 Dir. Trav. 2022-01-13 2022-02-10
4.0
None Remote Low ??? None Partial None
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.
5 CVE-2022-2211 120 DoS 2022-07-12 2023-02-02
4.3
None Remote Medium Not required None None Partial
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.
6 CVE-2022-1665 Bypass 2022-06-21 2022-08-18
4.6
None Local Low Not required Partial Partial Partial
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.
7 CVE-2022-1055 416 +Priv 2022-03-29 2022-10-19
4.6
None Local Low Not required Partial Partial Partial
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5
8 CVE-2022-1011 416 +Priv 2022-03-18 2022-10-12
4.6
None Local Low Not required Partial Partial Partial
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
9 CVE-2022-0996 613 2022-03-23 2023-02-02
4.0
None Remote Low ??? Partial None None
A vulnerability was found in the 389 Directory Server. This issue allows expired passwords to access the database, causing improper authentication.
10 CVE-2022-0984 863 2022-04-29 2022-05-10
4.0
None Remote Low ??? None Partial None
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
11 CVE-2022-0561 476 DoS 2022-02-11 2022-11-16
4.3
None Remote Medium Not required None None Partial
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
12 CVE-2022-0530 Exec Code 2022-02-09 2022-09-30
4.3
None Remote Medium Not required None None Partial
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
13 CVE-2022-0529 787 Exec Code 2022-02-09 2022-09-30
4.3
None Remote Medium Not required None None Partial
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
14 CVE-2022-0516 2022-03-10 2022-10-04
4.6
None Local Low Not required Partial Partial Partial
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
15 CVE-2022-0330 281 2022-03-25 2022-12-07
4.6
None Local Low Not required Partial Partial Partial
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
16 CVE-2021-44733 416 2021-12-22 2022-06-01
4.4
None Local Medium Not required Partial Partial Partial
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
17 CVE-2021-32672 125 2021-10-04 2022-10-06
4.0
None Remote Low ??? Partial None None
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
18 CVE-2021-30501 617 DoS 2021-05-27 2022-10-25
4.3
None Remote Medium Not required None None Partial
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
19 CVE-2021-30471 674 Overflow 2021-05-26 2021-06-08
4.3
None Remote Medium Not required None None Partial
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
20 CVE-2021-30470 674 Overflow 2021-05-26 2021-06-08
4.3
None Remote Medium Not required None None Partial
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
21 CVE-2021-30469 416 DoS 2021-05-26 2021-06-08
4.3
None Remote Medium Not required None None Partial
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
22 CVE-2021-20321 362 2022-02-18 2022-05-11
4.7
None Local Medium Not required None None Complete
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.
23 CVE-2021-20286 617 DoS 2021-03-15 2021-03-22
4.0
None Remote Low ??? None None Partial
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
24 CVE-2021-20261 362 2021-03-11 2021-03-19
4.4
None Local Medium Not required Partial Partial Partial
A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.
25 CVE-2021-20254 125 2021-05-05 2021-06-24
4.9
None Remote Medium ??? Partial Partial None
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
26 CVE-2021-20229 863 2021-02-23 2021-06-09
4.0
None Remote Low ??? Partial None None
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
27 CVE-2021-20208 269 2021-04-19 2022-10-21
4.9
None Remote Medium ??? Partial Partial None
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
28 CVE-2021-20194 787 Overflow 2021-02-23 2023-02-02
4.6
None Local Low Not required Partial Partial Partial
A flaw buffer overflow in the Linux kernel BPF subsystem was found in the way user running BPF script calling getsockopt. A local user could use this flaw to crash the system or possibly escalate their privileges on the system.
29 CVE-2021-4207 362 Exec Code Overflow 2022-04-29 2022-11-29
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
30 CVE-2021-4206 190 Exec Code Overflow 2022-04-29 2022-09-23
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.
31 CVE-2021-4145 476 2022-01-25 2022-09-28
4.9
None Local Low Not required None None Complete
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.
32 CVE-2021-3750 416 DoS Exec Code 2022-05-02 2023-02-02
4.6
None Local Low Not required Partial Partial Partial
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host.
33 CVE-2021-3733 400 DoS 2022-03-10 2022-10-26
4.0
None Remote Low ??? None None Partial
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
34 CVE-2021-3700 416 2022-02-24 2022-04-25
4.4
None Local Medium Not required Partial Partial Partial
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
35 CVE-2021-3697 787 Exec Code 2022-07-06 2022-10-28
4.4
None Local Medium Not required Partial Partial Partial
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
36 CVE-2021-3695 787 Exec Code Mem. Corr. 2022-07-06 2022-10-28
4.4
None Local Medium Not required Partial Partial Partial
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
37 CVE-2021-3677 200 +Info 2022-03-02 2023-01-31
4.0
None Remote Low ??? Partial None None
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.
38 CVE-2021-3660 1021 2022-03-10 2023-02-02
4.3
None Remote Medium Not required None Partial None
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
39 CVE-2021-3635 119 Overflow 2021-08-13 2021-08-23
4.9
None Local Low Not required None None Complete
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
40 CVE-2021-3634 787 2021-08-31 2022-11-16
4.0
None Remote Low ??? None None Partial
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange.
41 CVE-2021-3622 400 Overflow 2021-12-23 2022-01-10
4.3
None Remote Medium Not required None None Partial
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
42 CVE-2021-3605 119 Overflow 2021-08-25 2023-02-03
4.3
None Remote Medium Not required None None Partial
There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
43 CVE-2021-3596 476 2022-02-24 2022-07-01
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.
44 CVE-2021-3565 798 2021-06-04 2022-04-25
4.3
None Remote Medium Not required Partial None None
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
45 CVE-2021-3551 312 +Priv 2022-02-16 2022-02-28
4.4
None Local Medium Not required Partial Partial Partial
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
46 CVE-2021-3537 476 2021-05-14 2022-07-25
4.3
None Remote Medium Not required None None Partial
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
47 CVE-2021-3532 732 2021-06-09 2022-10-07
4.3
None Remote Medium Not required Partial None None
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
48 CVE-2021-3448 2021-04-08 2022-10-27
4.3
None Remote Medium Not required None Partial None
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
49 CVE-2021-3443 476 2021-03-25 2021-03-30
4.3
None Remote Medium Not required None None Partial
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
50 CVE-2021-3421 347 2021-05-19 2022-06-03
4.3
None Remote Medium Not required None Partial None
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Total number of vulnerabilities : 370   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.