U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 20 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-28623

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.

Published: July 08, 2022; 9:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-20269

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

Published: March 10, 2022; 12:41:27 PM -0500
V3.1: 6.2 MEDIUM
V2.0: 2.1 LOW
CVE-2021-20486

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.

Published: May 26, 2021; 1:15:14 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4635

IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.

Published: March 19, 2021; 12:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7140

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess

Published: July 08, 2020; 10:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Published: April 08, 2019; 5:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2017-8989

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

Published: August 06, 2018; 4:29:01 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Published: July 02, 2018; 9:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-5411

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Published: June 13, 2017; 12:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Published: December 22, 2016; 4:59:00 PM -0500
V3.0: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

Published: September 22, 2016; 11:59:03 AM -0400
V3.0: 8.4 HIGH
V2.0: 2.1 LOW
CVE-2016-6322

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

Published: September 22, 2016; 11:59:02 AM -0400
V3.0: 8.4 HIGH
V2.0: 7.2 HIGH
CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1565

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 09, 2015; 12:59:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5364

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.

Published: January 25, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2011-0536

Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847.

Published: April 08, 2011; 11:17:26 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2008-0889

Red Hat Directory Server 8.0, when running on Red Hat Enterprise Linux, uses insecure permissions for the redhat-idm-console script, which allows local users to execute arbitrary code by modifying the script.

Published: March 19, 2008; 8:44:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-2797

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

Published: August 27, 2007; 1:17:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors.

Published: February 15, 2007; 8:28:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH