Oracle Linux vulnerabilities

CVE-2026-21991 [MEDIUM] CWE-22 CVE-2026-21991: A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.

CVE-2025-4598 [MEDIUM] CWE-364 CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o

CVE-2022-21505 [MEDIUM] CWE-346 CVE-2022-21505: In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can b In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3

CVE-2023-22024 [MEDIUM] CVE-2023-22024: In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2022-21504 [MEDIUM] CWE-416 CVE-2022-21504: The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in The code in UEK6 U3 was missing an appropiate file descriptor count to be missing. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attack with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 5.

CVE-2022-21499 [MEDIUM] CWE-787 CVE-2022-21499: KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lock KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vecto

CVE-2021-3551 [HIGH] CWE-312 CVE-2021-3551: A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admi A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.

CVE-2021-2464 [HIGH] CVE-2021-2464: Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Linux executes to compromise Oracle Linux. Successful attacks of this vulnerability can result in takeover of Oracle Linux. CVSS 3.1 Base Score 7.8 (

CVE-2018-17962 [HIGH] CWE-119 CVE-2018-17962: Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.

CVE-2015-7691 [HIGH] CVE-2015-7691: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

CVE-2015-7692 [HIGH] CVE-2015-7692: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

CVE-2015-7701 [HIGH] CWE-772 CVE-2015-7701: Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.7 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).

CVE-2015-7852 [MEDIUM] CWE-20 CVE-2015-7852: ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.

CVE-2015-7702 [MEDIUM] CVE-2015-7702: The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.

CVE-2015-7703 [HIGH] CWE-20 CVE-2015-7703: The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, w The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.

CVE-2015-5219 [HIGH] CWE-704 CVE-2015-5219: The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions fr The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.

CVE-2016-1908 [CRITICAL] CWE-287 CVE-2016-1908: The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding an The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SEC

CVE-2015-8896 [MEDIUM] CVE-2015-8896: Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to c Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.

CVE-2016-2518 [MEDIUM] CWE-125 CVE-2016-2518: The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attacke The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.

CVE-2015-7977 [MEDIUM] CWE-476 CVE-2015-7977: ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of serv ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.