Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15513 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34440 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-11-03 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-2908 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-11-03 | 5.5 Medium |
| A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service. | ||||
| CVE-2023-2283 | 3 Fedoraproject, Libssh, Redhat | 4 Fedora, Libssh, Enterprise Linux and 1 more | 2025-11-03 | 6.5 Medium |
| A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. | ||||
| CVE-2023-28617 | 2 Gnu, Redhat | 6 Org Mode, Enterprise Linux, Rhel Aus and 3 more | 2025-11-03 | 7.8 High |
| org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | ||||
| CVE-2023-26966 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-11-03 | 5.5 Medium |
| libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | ||||
| CVE-2023-26965 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-11-03 | 5.5 Medium |
| loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. | ||||
| CVE-2023-25433 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2025-11-03 | 5.5 Medium |
| libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop cause heap-buffer-overflow and SEGV. | ||||
| CVE-2022-49043 | 2 Redhat, Xmlsoft | 6 Discovery, Enterprise Linux, Openshift and 3 more | 2025-11-03 | 8.1 High |
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | ||||
| CVE-2022-41877 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 4.6 Medium |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the drive redirection channel - command line options `/drive`, `+drives` or `+home-drive`. | ||||
| CVE-2022-39347 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 2.6 Low |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch. | ||||
| CVE-2022-39320 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 5.5 Medium |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | ||||
| CVE-2022-39319 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 4.6 Medium |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | ||||
| CVE-2022-39318 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 4.8 Medium |
| FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. | ||||
| CVE-2022-39316 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 4.8 Medium |
| FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. | ||||
| CVE-2022-39283 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 5.9 Medium |
| FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. | ||||
| CVE-2022-39282 | 3 Fedoraproject, Freerdp, Redhat | 3 Fedora, Freerdp, Enterprise Linux | 2025-11-03 | 3.5 Low |
| FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. | ||||
| CVE-2022-2850 | 4 Debian, Fedoraproject, Port389 and 1 more | 6 Debian Linux, Fedora, 389-ds-base and 3 more | 2025-11-03 | 6.5 Medium |
| A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | ||||
| CVE-2022-1897 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Macos, Debian Linux, Fedora and 3 more | 2025-11-03 | 7.8 High |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-1785 | 3 Debian, Redhat, Vim | 4 Debian Linux, Enterprise Linux, Rhev Hypervisor and 1 more | 2025-11-03 | 7.8 High |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | ||||
| CVE-2022-0996 | 2 Fedoraproject, Redhat | 4 Fedora, 389 Directory Server, Enterprise Linux and 1 more | 2025-11-03 | 6.5 Medium |
| A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | ||||