U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:x86:*
  • CPE Name Search: true
There are 743 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

Published: April 18, 2022; 1:15:16 PM -0400
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM

An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

Published: April 14, 2022; 5:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Published: April 08, 2022; 1:15:07 AM -0400
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.

Published: April 04, 2022; 4:15:10 PM -0400
V3.1: 6.8 MEDIUM
V2.0: 4.9 MEDIUM

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

Published: March 30, 2022; 12:15:08 PM -0400
V3.1: 3.4 LOW
V2.0: 3.6 LOW

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.

Published: March 25, 2022; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.

Published: March 25, 2022; 3:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

Published: March 18, 2022; 2:15:12 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM

The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

Published: March 18, 2022; 3:15:06 AM -0400
V3.1: 7.5 HIGH
V2.0: 4.3 MEDIUM

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Published: March 04, 2022; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 7.1 HIGH

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.

Published: March 04, 2022; 2:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

Published: March 04, 2022; 1:15:08 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Published: March 02, 2022; 6:15:08 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.

Published: March 02, 2022; 5:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM

A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM

A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_prepare_page(),in ps-pdf.cxx may lead to execute arbitrary code and denial of service.

Published: February 24, 2022; 2:15:09 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

Published: February 21, 2022; 10:15:07 AM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster.

Published: February 18, 2022; 1:15:09 PM -0500
V3.1: 6.3 MEDIUM
V2.0: 6.5 MEDIUM

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution.

Published: February 18, 2022; 1:15:09 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH