Red Hat Enterprise Linux vulnerabilities
1,738 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs: 1,738
CISA KEV: 20 (actively exploited)
Public exploits: 88
Exploited in wild: 26
Severity breakdown: CRITICAL 157, HIGH 589, MEDIUM 839, LOW 153
Vulnerabilities
CVE-2012-5521 [MEDIUM] CVSS 6.5 | CWE-617 | v5.0, v6.0 | 2019-11-25
quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal
nvd
CVE-2012-5630 [MEDIUM] CVSS 6.3 | CWE-367 | v5.0, v6.0 | 2019-11-25
libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.
nvd
CVE-2019-10214 [MEDIUM] CVSS 5.9 | CWE-522 | v8.0 | 2019-11-25
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer
nvd
CVE-2014-3585 [CRITICAL] CVSS 9.8 | CWE-347 | v6.0, v7.0 | 2019-11-22
redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
nvd
CVE-2012-0877 [HIGH] CVSS 7.5 | CWE-400 | v5.0, v6.0 | 2019-11-22
PyXML: Hash table collisions CPU usage Denial of Service
nvd
CVE-2015-7810 [MEDIUM] CVSS 4.7 | CWE-367 | v7.0 | 2019-11-22
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
nvd
CVE-2013-1817 [HIGH] CVSS 7.5 | CWE-200 | v6.0 | 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.
nvd
CVE-2013-1816 [HIGH] CVSS 7.5 | CWE-20 | v6.0 | 2019-11-20
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.
nvd
CVE-2012-6136 [MEDIUM] CVSS 5.5 | CWE-276 | v6.0 | 2019-11-20
tuned 2.10.0 creates its PID file with insecure permissions which allows local users to kill arbitrary processes.
nvd
CVE-2011-4967 [HIGH] CVSS 7.5 | CWE-20 | v4.0, v5.0 +1 more | 2019-11-19
tog-Pegasus has a package hash collision DoS vulnerability
nvd
CVE-2019-19068 [MEDIUM] CVSS 4.6 | CWE-401 | v7.0, v8.0 | 2019-11-18
A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.
nvd
CVE-2014-5118 [MEDIUM] CVSS 5.5 | CWE-20 | v6.0, v7.0 | 2019-11-18
Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability
nvd
CVE-2019-19076 [MEDIUM] CVSS 5.9 | CWE-401 | v8.0 | 2019-11-18
A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted
nvd
CVE-2019-19081 [MEDIUM] CVSS 5.9 | CWE-401 | v7.0, v8.0 | 2019-11-18
A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.
nvd
CVE-2019-19062 [MEDIUM] CVSS 4.7 | CWE-401 | v7.0, v8.0 | 2019-11-18
A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.
nvd
CVE-2019-19066 [MEDIUM] CVSS 4.7 | CWE-401 | v7.0, v8.0 | 2019-11-18
A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.
nvd
CVE-2019-19072 [MEDIUM] CVSS 4.4 | CWE-401 | v8.0 | 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
nvd
CVE-2019-19012 [CRITICAL] CVSS 9.8 | CWE-125 | v8.0 | 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecif
nvd
CVE-2016-5285 [HIGH] CVSS 7.5 | CWE-476 | v5.0, v6.0 +1 more | 2019-11-15
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
nvd
CVE-2011-2726 [HIGH] CVSS 7.5 | CWE-863 | v5.0, v6.0 | 2019-11-15
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attach
nvd