U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:intel64:*
  • CPE Name Search: true
There are 800 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

Published: March 30, 2022; 12:15:08 PM -0400
V3.1: 3.4 LOW
V2.0: 3.6 LOW
CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-3941

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Published: March 25, 2022; 3:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2022-1011

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Published: March 18, 2022; 2:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2022-27191

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Published: March 18, 2022; 3:15:06 AM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM
CVE-2021-3737

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Published: March 04, 2022; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.1 HIGH
CVE-2021-3656

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Published: March 04, 2022; 2:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-3575

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Published: March 04, 2022; 1:15:08 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-3677

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Published: March 02, 2022; 6:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2022-0711

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Published: March 02, 2022; 5:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-3700

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2021-3596

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-26252

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-44142

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Published: February 21, 2022; 10:15:07 AM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

Published: February 18, 2022; 1:15:09 PM -0500
V3.1: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

Published: February 18, 2022; 1:15:09 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-20321

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 4.7 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2021-20320

A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2020-25719

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2020-25717

A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.

Published: February 18, 2022; 1:15:08 PM -0500
V3.1: 8.1 HIGH
V2.0: 8.5 HIGH