Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15611 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29187 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Xcode, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks. | ||||
| CVE-2022-29154 | 3 Fedoraproject, Redhat, Samba | 6 Fedora, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 7.4 High |
| An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | ||||
| CVE-2022-28893 | 4 Debian, Linux, Netapp and 1 more | 25 Debian Linux, Linux Kernel, H300e and 22 more | 2024-11-21 | 7.8 High |
| The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | ||||
| CVE-2022-28805 | 3 Fedoraproject, Lua, Redhat | 3 Fedora, Lua, Enterprise Linux | 2024-11-21 | 9.1 Critical |
| singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | ||||
| CVE-2022-28796 | 4 Fedoraproject, Linux, Netapp and 1 more | 24 Fedora, Linux Kernel, Active Iq Unified Manager and 21 more | 2024-11-21 | 7.0 High |
| jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | ||||
| CVE-2022-28738 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Rhel Software Collections, Ruby | 2024-11-21 | 9.8 Critical |
| A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. | ||||
| CVE-2022-28737 | 1 Redhat | 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more | 2024-11-21 | 6.5 Medium |
| There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. | ||||
| CVE-2022-28623 | 3 Hp, Hpe, Redhat | 3 Hp-ux, Icewall Sso Certd, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. | ||||
| CVE-2022-28614 | 4 Apache, Fedoraproject, Netapp and 1 more | 6 Http Server, Fedora, Clustered Data Ontap and 3 more | 2024-11-21 | 5.3 Medium |
| The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | ||||
| CVE-2022-28327 | 3 Fedoraproject, Golang, Redhat | 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more | 2024-11-21 | 7.5 High |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||||
| CVE-2022-28199 | 4 Linux, Microsoft, Nvidia and 1 more | 4 Linux Kernel, Windows, Data Plane Development Kit and 1 more | 2024-11-21 | 6.5 Medium |
| NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | ||||
| CVE-2022-28131 | 4 Fedoraproject, Golang, Netapp and 1 more | 16 Fedora, Go, Cloud Insights Telegraf and 13 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | ||||
| CVE-2022-27950 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.5 Medium |
| In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | ||||
| CVE-2022-27782 | 4 Debian, Haxx, Redhat and 1 more | 4 Debian Linux, Curl, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | ||||
| CVE-2022-27776 | 7 Brocade, Debian, Fedoraproject and 4 more | 19 Fabric Operating System, Debian Linux, Fedora and 16 more | 2024-11-21 | 6.5 Medium |
| A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | ||||
| CVE-2022-27775 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | ||||
| CVE-2022-27774 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 5.7 Medium |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | ||||
| CVE-2022-27666 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 7.8 High |
| A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. | ||||
| CVE-2022-27664 | 3 Fedoraproject, Golang, Redhat | 19 Fedora, Go, Acm and 16 more | 2024-11-21 | 7.5 High |
| In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | ||||
| CVE-2022-27651 | 3 Buildah Project, Fedoraproject, Redhat | 4 Buildah, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 6.8 Medium |
| A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | ||||