U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 24 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-31026

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-31022

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-31021

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-31018

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.

Published: November 02, 2023; 3:15:41 PM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-28623

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.

Published: July 08, 2022; 9:15:08 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-20269

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

Published: March 10, 2022; 12:41:27 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-20486

IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.

Published: May 26, 2021; 1:15:14 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2020-4635

IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.

Published: March 19, 2021; 12:15:12 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2020-7140

A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited remotely to cause a remote cross-site scripting (XSS). HPE has provided the following information to resolve this vulnerability in HPE IceWall SSO DFW and Dgfw: https://www.hpe.com/jp/icewall_patchaccess

Published: July 08, 2020; 10:15:10 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-0217

In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.

Published: April 08, 2019; 5:29:00 PM -0400
V3.1: 7.5 HIGH
V2.0: 6.0 MEDIUM
CVE-2017-8989

A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

Published: August 06, 2018; 4:29:01 PM -0400
V3.0: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.

Published: July 02, 2018; 9:29:00 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2016-5411

/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.

Published: June 13, 2017; 12:29:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2016-7091

sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Published: December 22, 2016; 4:59:00 PM -0500
V3.0: 4.4 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-6340

The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.

Published: September 22, 2016; 11:59:03 AM -0400
V3.0: 8.4 HIGH
V2.0: 2.1 LOW
CVE-2016-6322

Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.

Published: September 22, 2016; 11:59:02 AM -0400
V3.0: 8.4 HIGH
V2.0: 7.2 HIGH
CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1565

Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: February 09, 2015; 12:59:05 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5364

Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.

Published: January 25, 2014; 8:55:04 PM -0500
V3.x:(not available)
V2.0: 3.6 LOW