Redhat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs
1,738
CISA KEV
20
actively exploited
Public exploits
88
Exploited in wild
26
Severity breakdown
CRITICAL157HIGH589MEDIUM839LOW153
Vulnerabilities
Page 38 of 87
CVE-2020-1711MEDIUMCVSS 6.0v7.0v8.02020-02-11
CVE-2020-1711 [MEDIUM] CWE-122 CVE-2020-1711: An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU version
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of
nvd
CVE-2009-4067MEDIUMCVSS 6.8PoCv4.02020-02-11
CVE-2009-4067 [MEDIUM] CWE-120 CVE-2009-4067: Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kern
Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.
nvd
CVE-2015-5741CRITICALCVSS 9.8v7.02020-02-08
CVE-2015-5741 [CRITICAL] CWE-444 CVE-2015-5741: The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers
The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.
nvd
CVE-2012-4512HIGHCVSS 8.8PoCv6.02020-02-08
CVE-2012-4512 [HIGH] CWE-843 CVE-2012-4512: The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
nvd
CVE-2019-15605CRITICALCVSS 9.8v8.02020-02-07
CVE-2019-15605 [CRITICAL] CWE-444 CVE-2019-15605: HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-enc
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
nvd
CVE-2019-15606CRITICALCVSS 9.8v8.02020-02-07
CVE-2019-15606 [CRITICAL] CWE-20 CVE-2019-15606: Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of autho
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
nvd
CVE-2019-15604HIGHCVSS 7.5v8.02020-02-07
CVE-2019-15604 [HIGH] CWE-295 CVE-2019-15604: Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
nvd
CVE-2015-6815LOWCVSS 3.5v5.0v6.0+1 more2020-01-31
CVE-2015-6815 [LOW] CWE-835 CVE-2015-6815: The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process tran
The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors.
nvd
CVE-2015-0294HIGHCVSS 7.5v5.0v7.02020-01-27
CVE-2015-0294 [HIGH] CWE-295 CVE-2015-0294: GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certific
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate.
nvd
CVE-2019-14907MEDIUMCVSS 6.5v7.0v8.02020-01-21
CVE-2019-14907 [MEDIUM] CWE-125 CVE-2019-14907: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, t
nvd
CVE-2019-19339MEDIUMCVSS 6.5v8.02020-01-17
CVE-2019-19339 [MEDIUM] CVE-2019-19339: It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hard
nvd
CVE-2019-9503HIGHCVSS 8.3v6.0v7.02020-01-16
CVE-2019-9503 [HIGH] CWE-20 CVE-2019-9503: The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulner
The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the
nvd
CVE-2020-2604HIGHCVSS 8.1v8.02020-01-15
CVE-2020-2604 [HIGH] CWE-502 CVE-2020-2604: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embed
nvd
CVE-2020-2601MEDIUMCVSS 6.8v8.02020-01-15
CVE-2020-2601 [MEDIUM] CVE-2020-2601: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulner
nvd
CVE-2020-2655MEDIUMCVSS 4.8v6.0v7.0+1 more2020-01-15
CVE-2020-2655 [MEDIUM] CVE-2020-2655: Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that ar
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete acces
nvd
CVE-2020-2593MEDIUMCVSS 4.8v8.02020-01-15
CVE-2020-2593 [MEDIUM] CVE-2020-2593: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Succ
nvd
CVE-2020-2659LOWCVSS 3.7v8.02020-01-15
CVE-2020-2659 [LOW] CVE-2020-2659: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Su
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of t
nvd
CVE-2020-2654LOWCVSS 3.7v6.0v7.0+1 more2020-01-15
CVE-2020-2654 [LOW] CVE-2020-2654: Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions th
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized a
nvd
CVE-2020-2583LOWCVSS 3.7v8.02020-01-15
CVE-2020-2583 [LOW] CWE-755 CVE-2020-2583: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization).
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedd
nvd
CVE-2020-2590LOWCVSS 3.7v8.02020-01-15
CVE-2020-2590 [LOW] CVE-2020-2590: Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supp
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks
nvd