Redhat Enterprise Linux vulnerabilities

CVE-2025-0678 [HIGH] CWE-190 CVE-2025-0678: A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module use A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it

CVE-2024-45778 [MEDIUM] CWE-190 CVE-2024-45778: A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVE-2025-26599 [HIGH] CWE-824 CVE-2025-26599: An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRe An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an unini

CVE-2025-26597 [HIGH] CWE-119 CVE-2025-26597: A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

CVE-2025-26600 [HIGH] CWE-416 CVE-2025-26600: A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

CVE-2025-26601 [HIGH] CWE-416 CVE-2025-26601: A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the cha A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing

CVE-2025-26598 [HIGH] CWE-787 CVE-2025-26598: An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searche An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memo

CVE-2025-26595 [HIGH] CWE-121 CVE-2025-26595: A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fi A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

CVE-2025-26596 [HIGH] CWE-787 CVE-2025-26596: A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySym A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

CVE-2025-26594 [HIGH] CWE-416 CVE-2025-26594: A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

CVE-2024-45777 [MEDIUM] CWE-787 CVE-2024-45777: A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo fil A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVE-2025-26465 [MEDIUM] CWE-390 CVE-2025-26465: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-m A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker

CVE-2024-12084 [CRITICAL] CWE-122 CVE-2024-12084: A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handl A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CVE-2024-12087 [HIGH] CWE-22 CVE-2024-12087: A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursi A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks o

CVE-2024-12088 [HIGH] CWE-22 CVE-2024-12088: A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

CVE-2024-12085 [HIGH] CWE-908 CVE-2024-12085: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVE-2024-12086 [MEDIUM] CWE-390 CVE-2024-12086: A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file fr A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to

CVE-2024-49394 [MEDIUM] CWE-347 CVE-2024-49394: In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing whi In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

CVE-2024-49395 [MEDIUM] CWE-1230 CVE-2024-49395: In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

CVE-2024-49393 [MEDIUM] CWE-347 CVE-2024-49393: In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which al In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.