Redhat Enterprise Linux Server vulnerabilities

CVE-2025-6021 [HIGH] CWE-787 CVE-2025-6021: A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

CVE-2025-2784 [HIGH] CWE-125 CVE-2025-2784: A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing cont A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVE-2024-12085 [HIGH] CWE-908 CVE-2024-12085: A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw all A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

CVE-2024-1086 [HIGH] CWE-416 CVE-2024-1086: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error whi

CVE-2023-6816 [CRITICAL] CWE-787 CVE-2023-6816: A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit f A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

CVE-2024-0409 [HIGH] CWE-787 CVE-2024-0409: A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong typ A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.

CVE-2024-0408 [MEDIUM] CWE-158 CVE-2024-0408: A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object tha

CVE-2023-5455 [MEDIUM] CWE-352 CVE-2023-5455: A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported ver A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certai

CVE-2023-5869 [HIGH] CWE-190 CVE-2023-5869: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code th A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbit

CVE-2023-46847 [HIGH] CWE-120 CVE-2023-46847: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow att Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

CVE-2023-3972 [HIGH] CWE-379 CVE-2023-3972: A vulnerability was found in insights-client. This security issue occurs because of insecure file op A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client

CVE-2023-5367 [HIGH] CWE-787 CVE-2023-5367: A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect c A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

CVE-2023-3899 [HIGH] CWE-285 CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inad A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper

CVE-2023-0494 [HIGH] CWE-416 CVE-2023-0494: A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerCl A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding s

CVE-2023-0179 [HIGH] CWE-190 CVE-2023-0179: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.

CVE-2019-8720 [HIGH] CWE-119 CVE-2019-8720: A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web c A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.

CVE-2022-4254 [HIGH] CWE-90 CVE-2022-4254: sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

CVE-2014-0144 [HIGH] CWE-20 CVE-2014-0144: QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulne QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

CVE-2014-0148 [MEDIUM] CWE-835 CVE-2014-0148: Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other poten Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to

CVE-2015-1931 [MEDIUM] CWE-312 CVE-2015-1931: IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.