Redhat Enterprise Linux vulnerabilities

CVE-2025-32463 [CRITICAL] CWE-829 CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-5318 [HIGH] CWE-125 CVE-2025-5318: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be tr A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authentica

CVE-2025-6170 [LOW] CWE-121 CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML fil A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVE-2025-6021 [HIGH] CWE-787 CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVE-2025-5914 [HIGH] CWE-190 CVE-2025-5914: A vulnerability has been identified in the libarchive library, specifically within the archive_read_ A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a

CVE-2025-5918 [LOW] CWE-125 CVE-2025-5918: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5916 [LOW] CWE-190 CVE-2025-5916: A vulnerability has been identified in the libarchive library. This flaw involves an integer overflo A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, me

CVE-2025-47711 [MEDIUM] CWE-193 CVE-2025-47711: There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

CVE-2025-5917 [LOW] CWE-787 CVE-2025-5917: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' mi A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances

CVE-2025-5915 [MEDIUM] CWE-122 CVE-2025-5915: A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer o A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (de

CVE-2025-4598 [MEDIUM] CWE-364 CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o

CVE-2025-4478 [MEDIUM] CWE-476 CVE-2025-4478: A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packe A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

CVE-2025-3891 [HIGH] CWE-248 CVE-2025-3891: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthe A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CVE-2025-46397 [HIGH] CWE-120 CVE-2025-46397: A flaw was found in xfig. This vulnerability allows possible code execution via local input manipula A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.

CVE-2025-46399 [MEDIUM] CWE-476 CVE-2025-46399: A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.

CVE-2025-46398 [MEDIUM] CWE-121 CVE-2025-46398: In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVE-2025-46400 [MEDIUM] CWE-476 CVE-2025-46400: In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availabil In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVE-2025-3155 [HIGH] CWE-601 CVE-2025-3155: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitr A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVE-2025-2784 [HIGH] CWE-125 CVE-2025-2784: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing cont A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVE-2024-45782 [HIGH] CWE-787 CVE-2024-45782: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HF A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually