Redhat Enterprise Linux vulnerabilities
1,783 known vulnerabilities affecting redhat/enterprise_linux.
Total CVEs
1,783
CISA KEV
22
actively exploited
Public exploits
91
Exploited in wild
26
Severity breakdown
CRITICAL162HIGH609MEDIUM858LOW154
Vulnerabilities
Page 9 of 90
CVE-2024-1488HIGHCVSS 7.3v8.0v9.02024-02-15
CVE-2024-1488 [HIGH] CWE-276 CVE-2024-1488: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outs
A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potenti
nvd
CVE-2023-50387HIGHCVSS 7.5v6.0v7.0+2 more2024-02-14
CVE-2023-50387 [HIGH] CWE-770 CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al
nvd
CVE-2023-50868HIGHCVSS 7.5v6.0v7.0+3 more2024-02-14
CVE-2023-50868 [HIGH] CWE-400 CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter
nvd
CVE-2023-6681MEDIUMCVSS 5.3v8.0v9.02024-02-12
CVE-2023-6681 [MEDIUM] CWE-400 CVE-2023-6681: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (Do
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
nvd
CVE-2024-1062MEDIUMCVSS 5.5v8.02024-02-12
CVE-2024-1062 [MEDIUM] CWE-122 CVE-2024-1062: A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
nvd
CVE-2024-1454LOWCVSS 3.4v7.0v8.0+1 more2024-02-12
CVE-2024-1454 [LOW] CWE-416 CVE-2024-1454: The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in t
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted res
nvd
CVE-2024-1151MEDIUMCVSS 5.5v8.0v9.02024-02-11
CVE-2024-1151 [MEDIUM] CWE-121 CVE-2024-1151: A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.
nvd
CVE-2024-0229HIGHCVSS 7.8v7.0v8.0+1 more2024-02-09
CVE-2024-0229 [HIGH] CWE-787 CVE-2024-0229: An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when
An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.
nvd
CVE-2023-6535HIGHCVSS 7.5v8.0v9.02024-02-07
CVE-2023-6535 [HIGH] CWE-476 CVE-2023-6535: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated maliciou
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
nvd
CVE-2023-6536HIGHCVSS 7.5v8.0v9.02024-02-07
CVE-2023-6536 [HIGH] CWE-476 CVE-2023-6536: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated maliciou
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service.
nvd
CVE-2023-6356HIGHCVSS 7.5v8.0v9.02024-02-07
CVE-2023-6356 [HIGH] CWE-476 CVE-2023-6356: A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated maliciou
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service.
nvd
CVE-2024-0690MEDIUMCVSS 5.5v8.0v9.02024-02-06
CVE-2024-0690 [MEDIUM] CWE-117 CVE-2024-0690: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.
nvd
CVE-2024-1048LOWCVSS 3.3v8.0v9.02024-02-06
CVE-2024-1048 [LOW] CVE-2024-1048: A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times,
nvd
CVE-2023-50782HIGHCVSS 7.5v8.0v9.02024-02-05
CVE-2023-50782 [HIGH] CWE-203 CVE-2023-50782: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decry
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
nvd
CVE-2023-50781HIGHCVSS 7.5v8.0v9.02024-02-05
CVE-2023-50781 [HIGH] CWE-203 CVE-2023-50781: A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
nvd
CVE-2023-7216MEDIUMCVSS 5.3v7.0v8.0+1 more2024-02-05
CVE-2023-7216 [MEDIUM] CWE-59 CVE-2023-7216: A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauth
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks.
nvd
CVE-2023-6240MEDIUMCVSS 6.5v7.0v8.0+1 more2024-02-04
CVE-2023-6240 [MEDIUM] CWE-203 CVE-2023-6240: A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux K
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.
nvd
CVE-2024-0914MEDIUMCVSS 5.9v8.0v9.02024-01-31
CVE-2024-0914 [MEDIUM] CWE-203 CVE-2024-0914: A timing side-channel vulnerability has been discovered in the opencryptoki package while processing
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
nvd
CVE-2023-5992MEDIUMCVSS 5.9v7.0v8.0+1 more2024-01-31
CVE-2023-5992 [MEDIUM] CWE-203 CVE-2023-5992: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as si
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.
nvd
CVE-2024-0564MEDIUMCVSS 6.5v8.0v9.02024-01-30
CVE-2024-0564 [MEDIUM] CWE-203 CVE-2024-0564: A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kerne
A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the u
nvd