Redhat Enterprise Linux vulnerabilities

CVE-2025-7424 [HIGH] CWE-843 CVE-2025-7424: A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet an A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

CVE-2025-32990 [HIGH] CWE-122 CVE-2025-32990: A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing lo A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the

CVE-2025-32988 [HIGH] CWE-415 CVE-2025-32988: A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when

CVE-2025-32989 [MEDIUM] CWE-295 CVE-2025-32989: A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transpare A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This iss

CVE-2025-5372 [HIGH] CWE-682 CVE-2025-5372: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails

CVE-2025-5351 [MEDIUM] CWE-415 CVE-2025-5351: A flaw was found in the key export functionality of libssh. The issue occurs in the internal functio A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition m

CVE-2025-32463 [HIGH] CWE-829 CVE-2025-32463: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

CVE-2025-5318 [HIGH] CWE-125 CVE-2025-5318: A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be tr A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authentica

CVE-2025-6170 [LOW] CWE-121 CVE-2025-6170: A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML fil A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.

CVE-2025-6021 [HIGH] CWE-787 CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVE-2025-5914 [HIGH] CWE-190 CVE-2025-5914: A vulnerability has been identified in the libarchive library, specifically within the archive_read_ A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a

CVE-2025-5918 [MEDIUM] CWE-125 CVE-2025-5918: A vulnerability has been identified in the libarchive library. This flaw can be triggered when file A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5916 [MEDIUM] CWE-190 CVE-2025-5916: A vulnerability has been identified in the libarchive library. This flaw involves an integer overflo A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior,

CVE-2025-47711 [MEDIUM] CWE-193 CVE-2025-47711: There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

CVE-2025-5917 [MEDIUM] CWE-787 CVE-2025-5917: A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' mi A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstan

CVE-2025-5915 [MEDIUM] CWE-122 CVE-2025-5915: A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer o A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (de

CVE-2025-4598 [MEDIUM] CWE-364 CVE-2025-4598: A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type o

CVE-2025-4478 [MEDIUM] CWE-476 CVE-2025-4478: A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packe A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.

CVE-2025-3891 [HIGH] CWE-248 CVE-2025-3891: A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthe A flaw was found in the mod_auth_openidc module for Apache httpd. This flaw allows a remote, unauthenticated attacker to trigger a denial of service by sending an empty POST request when the OIDCPreservePost directive is enabled. The server crashes consistently, affecting availability.

CVE-2025-46397 [HIGH] CWE-120 CVE-2025-46397: A flaw was found in xfig. This vulnerability allows possible code execution via local input manipula A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.