Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Enterprise Linux
Total 1968 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40660 2 Opensc Project, Redhat 2 Opensc, Enterprise Linux 2024-11-23 N/A 6.6 MEDIUM
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
CVE-2024-0229 3 Fedoraproject, Redhat, X.org 8 Fedora, Enterprise Linux, Enterprise Linux Aus and 5 more 2024-11-23 N/A 7.8 HIGH
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
CVE-2024-9341 2 Containers, Redhat 3 Common, Enterprise Linux, Openshift Container Platform 2024-11-22 N/A 5.4 MEDIUM
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
CVE-2022-1304 3 E2fsprogs Project, Fedoraproject, Redhat 3 E2fsprogs, Fedora, Enterprise Linux 2024-11-22 6.8 MEDIUM 7.8 HIGH
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
CVE-2024-8354 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 N/A 5.5 MEDIUM
A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition.
CVE-2024-8235 1 Redhat 2 Enterprise Linux, Libvirt 2024-11-21 N/A 6.2 MEDIUM
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon.
CVE-2024-7006 2 Libtiff, Redhat 5 Libtiff, Enterprise Linux, Enterprise Linux For Arm 64 and 2 more 2024-11-21 N/A 7.5 HIGH
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
CVE-2024-6505 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 N/A 6.8 MEDIUM
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
CVE-2024-6387 9 Amazon, Canonical, Debian and 6 more 20 Linux 2023, Ubuntu Linux, Debian Linux and 17 more 2024-11-21 N/A 8.1 HIGH
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVE-2024-6239 2 Freedesktop, Redhat 2 Poppler, Enterprise Linux 2024-11-21 N/A 7.5 HIGH
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service.
CVE-2024-6237 1 Redhat 3 389 Directory Server, Directory Server, Enterprise Linux 2024-11-21 N/A 6.5 MEDIUM
A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service.
CVE-2024-5742 2 Gnu, Redhat 2 Nano, Enterprise Linux 2024-11-21 N/A 6.7 MEDIUM
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
CVE-2024-5154 2 Kubernetes, Redhat 3 Cri-o, Enterprise Linux, Openshift Container Platform 2024-11-21 N/A 8.1 HIGH
A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system.
CVE-2024-4629 1 Redhat 8 Build Of Keycloak, Enterprise Linux, Keycloak and 5 more 2024-11-21 N/A 6.5 MEDIUM
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
CVE-2024-3567 2 Qemu, Redhat 2 Qemu, Enterprise Linux 2024-11-21 N/A 5.5 MEDIUM
A flaw was found in QEMU. An assertion failure was present in the update_sctp_checksum() function in hw/net/net_tx_pkt.c when trying to calculate the checksum of a short-sized fragmented packet. This flaw allows a malicious guest to crash QEMU and cause a denial of service condition.
CVE-2024-3183 1 Redhat 5 Enterprise Linux, Enterprise Linux Aus, Enterprise Linux Eus and 2 more 2024-11-21 N/A 8.1 HIGH
A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password).
CVE-2024-3049 2 Clusterlabs, Redhat 8 Booth, Enterprise Linux, Enterprise Linux Eus and 5 more 2024-11-21 N/A 5.9 MEDIUM
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
CVE-2024-2698 2 Freeipa, Redhat 3 Freeipa, Enterprise Linux, Enterprise Linux Eus 2024-11-21 N/A 8.8 HIGH
A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.
CVE-2024-23301 4 Fedoraproject, Redhat, Relax-and-recover and 1 more 4 Fedora, Enterprise Linux, Relax-and-recover and 1 more 2024-11-21 N/A 5.5 MEDIUM
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
CVE-2024-1454 3 Fedoraproject, Opensc Project, Redhat 3 Fedora, Opensc, Enterprise Linux 2024-11-21 N/A 3.4 LOW
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.