This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Redhat First view 2014-06-14
Product Enterprise Linux Last view 2021-05-05
Version 7.0 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:redhat:enterprise_linux

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
8.1 2021-05-05 CVE-2021-20254

A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.

7.8 2021-04-19 CVE-2021-3498

GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

7.8 2021-04-19 CVE-2021-3497

GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

6.1 2021-04-19 CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

6.5 2021-04-15 CVE-2021-3487

There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.

8.1 2021-04-05 CVE-2021-20305

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

5.3 2021-03-26 CVE-2020-35518

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

9.8 2021-03-25 CVE-2021-3466

A flaw was found in libmicrohttpd in versions before 0.9.71. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.5 2021-03-25 CVE-2021-3443

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.

7.5 2021-03-25 CVE-2021-20215

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

7.5 2021-03-25 CVE-2021-20214

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

7.5 2021-03-25 CVE-2021-20213

A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.

7.5 2021-03-25 CVE-2021-20212

A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.

7.5 2021-03-25 CVE-2021-20211

A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.

7.5 2021-03-25 CVE-2021-20210

A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.

7.5 2021-03-25 CVE-2020-35502

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

5.7 2021-03-23 CVE-2021-3409

The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to (including) 5.2.0 is affected by this.

7.5 2021-03-23 CVE-2021-20270

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

9.8 2021-03-19 CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

6 2021-03-18 CVE-2021-3416

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

7.5 2021-03-18 CVE-2020-27827

A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.

8.1 2021-03-15 CVE-2021-20179

A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.

6.4 2021-03-11 CVE-2021-20261

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. In the default configuration root (or equivalent) permissions are required to attack this flaw.

6.7 2021-03-09 CVE-2021-3411

A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.5 2021-03-09 CVE-2021-20246

A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.

CWE : Common Weakness Enumeration

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
12% (50) CWE-416 Use After Free
8% (36) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
8% (34) CWE-125 Out-of-bounds Read
6% (28) CWE-787 Out-of-bounds Write
6% (25) CWE-200 Information Exposure
5% (23) CWE-20 Improper Input Validation
4% (19) CWE-190 Integer Overflow or Wraparound
4% (17) CWE-476 NULL Pointer Dereference
3% (14) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
2% (12) CWE-362 Race Condition
2% (11) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
1% (8) CWE-287 Improper Authentication
1% (7) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1% (6) CWE-732 Incorrect Permission Assignment for Critical Resource
1% (6) CWE-369 Divide By Zero
1% (6) CWE-254 Security Features
1% (6) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
1% (6) CWE-59 Improper Link Resolution Before File Access ('Link Following')
1% (5) CWE-295 Certificate Issues
1% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
0% (4) CWE-264 Permissions, Privileges, and Access Controls
0% (4) CWE-189 Numeric Errors
0% (4) CWE-94 Failure to Control Generation of Code ('Code Injection')
0% (3) CWE-399 Resource Management Errors
0% (3) CWE-347 Improper Verification of Cryptographic Signature

SAINT Exploits

Description Link
libssh authentication bypass More info here
Red Hat DHCP client NetworkManager integration script command injection More info here
Linux Dirty COW Local File Overwrite More info here

ExploitDB Exploits

id Description
33894 Python CGIHTTPServer Encoded Path Traversal

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2015-A-0155 Multiple Vulnerabilities in Oracle MySQL Product Suite
Severity: Category I - VMSKEY: V0061083
2015-A-0112 Oracle Linux & Virtualization Buffer Overflow Vulnerability
Severity: Category I - VMSKEY: V0060735
2015-A-0115 QEMU Virtual Floppy Drive Controller (FDC) Buffer Overflow Vulnerability
Severity: Category II - VMSKEY: V0060741
2015-A-0042 Samba Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0058919
2014-B-0105 Samba Remote Code Execution
Severity: Category I - VMSKEY: V0053637
2014-A-0105 Multiple Vulnerabilities in Oracle Java
Severity: Category I - VMSKEY: V0053191

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52133 - Type : FILE-OTHER - Revision : 2
2019-12-10 Libmspack cabd_sys_read_block off-by-one heap overflow attempt
RuleID : 52132 - Type : FILE-OTHER - Revision : 2
2019-10-25 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 52022-community - Type : OS-LINUX - Revision : 1
2019-11-26 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 52022 - Type : OS-LINUX - Revision : 1
2019-11-03 HAProxy H2 Frame heap memory corruption attempt
RuleID : 51725 - Type : SERVER-WEBAPP - Revision : 1
2018-05-30 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 46847-community - Type : OS-LINUX - Revision : 1
2018-07-03 Red Hat NetworkManager DHCP client command injection attempt
RuleID : 46847 - Type : OS-LINUX - Revision : 1
2018-02-20 Mozilla Firefox HTTP index format out of bounds read attempt
RuleID : 45476 - Type : BROWSER-FIREFOX - Revision : 2
2017-10-24 PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43347 - Type : BROWSER-FIREFOX - Revision : 2
2017-07-27 Mozilla Firefox domFuzzLite3 table use after free attempt
RuleID : 43346 - Type : BROWSER-FIREFOX - Revision : 2
2016-12-02 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40896-community - Type : BROWSER-FIREFOX - Revision : 3
2017-01-04 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40896 - Type : BROWSER-FIREFOX - Revision : 3
2016-12-01 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40888-community - Type : BROWSER-FIREFOX - Revision : 3
2017-01-04 Mozilla Firefox ESR NotifyTimeChange use after free attempt
RuleID : 40888 - Type : BROWSER-FIREFOX - Revision : 3
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40566 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40565 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40564 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40563 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40562 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40561 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40560 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40543 - Type : OS-LINUX - Revision : 2
2016-11-30 Linux kernel madvise race condition attempt
RuleID : 40542 - Type : OS-LINUX - Revision : 2
2016-10-25 Multiple SQL products privilege escalation attempt
RuleID : 40254 - Type : SERVER-MYSQL - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-18 Name: The remote Debian host is missing a security update.
File: debian_DLA-1635.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-509c133845.nasl - Type: ACT_GATHER_INFO
2019-01-17 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2019-f812c9fb22.nasl - Type: ACT_GATHER_INFO
2019-01-16 Name: The remote Fedora host is missing a security update.
File: fedora_2019-f6ff819834.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZA-2018-089.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_183R1.nasl - Type: ACT_GATHER_INFO
2019-01-10 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa10917_184R1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-06090dff59.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0b038c7047.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-0ddef94854.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-111044d435.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-1c1a318a0b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-23ca7a6798.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2735a12b72.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-28f30efaf6.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2c965abb15.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-327707371e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-381ab64b59.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-3857a8b41a.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-42eab0f5b9.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e660226e7.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-537c8312fc.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-56221eb24b.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6243646704.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6744ca470d.nasl - Type: ACT_GATHER_INFO