Redhat Enterprise Linux vulnerabilities

CVE-2025-46399 [MEDIUM] CWE-476 CVE-2025-46399: A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.

CVE-2025-46398 [MEDIUM] CWE-121 CVE-2025-46398: In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.

CVE-2025-46400 [MEDIUM] CWE-476 CVE-2025-46400: In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availabil In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.

CVE-2025-3155 [HIGH] CWE-601 CVE-2025-3155: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitr A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

CVE-2025-2784 [MEDIUM] CWE-125 CVE-2025-2784: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing cont A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVE-2024-45782 [HIGH] CWE-787 CVE-2024-45782: A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HF A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer, impacting grub's sensitive data integrity and eventually

CVE-2025-0678 [HIGH] CWE-190 CVE-2025-0678: A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module use A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it

CVE-2024-45778 [MEDIUM] CWE-190 CVE-2024-45778: A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.

CVE-2025-26599 [HIGH] CWE-824 CVE-2025-26599: An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRe An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an unini

CVE-2025-26597 [HIGH] CWE-119 CVE-2025-26597: A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 A buffer overflow flaw was found in X.Org and Xwayland. If XkbChangeTypesOfKey() is called with a 0 group, it will resize the key symbols table to 0 but leave the key actions unchanged. If the same function is later called with a non-zero value of groups, this will cause a buffer overflow because the key actions are of the wrong size.

CVE-2025-26600 [HIGH] CWE-416 CVE-2025-26600: A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free.

CVE-2025-26601 [HIGH] CWE-416 CVE-2025-26601: A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the cha A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing

CVE-2025-26598 [HIGH] CWE-787 CVE-2025-26598: An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searche An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memo

CVE-2025-26595 [HIGH] CWE-121 CVE-2025-26595: A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fi A buffer overflow flaw was found in X.Org and Xwayland. The code in XkbVModMaskText() allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and would copy the data regardless of the size.

CVE-2025-26596 [HIGH] CWE-787 CVE-2025-26596: A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySym A heap overflow flaw was found in X.Org and Xwayland. The computation of the length in XkbSizeKeySyms() differs from what is written in XkbWriteKeySyms(), which may lead to a heap-based buffer overflow.

CVE-2025-26594 [HIGH] CWE-416 CVE-2025-26594: A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free.

CVE-2024-45777 [MEDIUM] CWE-787 CVE-2024-45777: A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo fil A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.

CVE-2025-26465 [MEDIUM] CWE-390 CVE-2025-26465: A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-m A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker

CVE-2024-12084 [CRITICAL] CWE-122 CVE-2024-12084: A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handl A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.

CVE-2024-12087 [HIGH] CWE-22 CVE-2024-12087: A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursi A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks o