📦 Enterprise Linux Eus

Keylime versions 7.12.0 and later have a critical authentication bypass vulnerability where the registrar fails to enforce client-side TLS certificate authentication. This allows unauthenticated netwo...

CVE-2023-46846 is an HTTP request smuggling vulnerability in Squid proxy due to lenient chunked decoder handling. It allows attackers to bypass security controls like firewalls and frontend systems by...

This CVE describes an integer overflow vulnerability in libxml2's xmlBuildQName function that can cause stack-based buffer overflow when processing malicious XML input. This vulnerability affects any ...

CVE-2025-3155 is a vulnerability in Yelp (the GNOME help application) that allows malicious help documents to execute arbitrary scripts. This could enable attackers to exfiltrate user files to externa...

CVE-2025-2784 is a heap buffer over-read vulnerability in libsoup's skip_insight_whitespace() function. When processing a malicious HTTP response, libsoup clients can read one byte beyond allocated me...

MongoDB Shell (mongosh) versions before 2.3.0 are vulnerable to local privilege escalation when a malicious file is placed in C:\node_modules\. This allows attackers with local access to execute arbit...

This vulnerability in rsync allows attackers to leak uninitialized stack memory one byte at a time by manipulating checksum length during file comparison. It affects systems using vulnerable rsync ver...

This vulnerability in Buildah allows attackers to bypass path validation in cache mounts, enabling arbitrary host directory access during container builds. Users running Buildah with untrusted Contain...

This FreeIPA vulnerability allows attackers who compromise a principal to obtain encrypted Kerberos tickets and salts, enabling offline brute-force attacks to recover passwords. It affects FreeIPA dep...

A race condition in SSSD (System Security Services Daemon) causes inconsistent application of Group Policy Object (GPO) policies for authenticated users. This can lead to improper authorization decisi...

This CVE allows any local process to modify Unbound DNS resolver's runtime configuration via port 8953 due to incorrect default permissions. Attackers can alter DNS forwarders to intercept or disrupt ...

This vulnerability in the X.Org server allows out-of-bounds memory access when a frozen device is reattached to a different master device. It can lead to application crashes, local privilege escalatio...

This vulnerability in Perl allows an attacker to trigger a heap buffer overflow by providing a malicious regular expression. Systems running affected Perl versions (5.30.0 through 5.38.0) that process...

This vulnerability in xorg-server allows out-of-bounds memory reads and writes when querying or changing XKB button actions, such as switching from touchpad to mouse. It could enable local privilege e...

This CVE-2023-5869 vulnerability in PostgreSQL allows authenticated database users to execute arbitrary code on the server through an integer overflow when modifying SQL arrays. Attackers can write ar...

An out-of-bounds read vulnerability in the Linux kernel's SMB client implementation allows local attackers to read kernel memory. This could lead to system crashes or information disclosure. Only syst...

Squid proxy server is vulnerable to a denial-of-service attack where remote attackers can crash the service by sending specially crafted ftp:// URLs in HTTP requests or constructing them from FTP nati...

This vulnerability allows unprivileged local users to escalate privileges to root by exploiting insecure temporary directory handling in insights-client. Attackers can create and control the /var/tmp/...

CVE-2023-5633 is a use-after-free vulnerability in VMware's 3D acceleration memory handling that allows local unprivileged users within a VMware guest virtual machine to escalate privileges. This affe...

CVE-2023-4911 is a buffer overflow vulnerability in the GNU C Library's dynamic loader (ld.so) that allows local attackers to exploit SUID binaries. By crafting malicious GLIBC_TUNABLES environment va...

A vulnerability in MariaDB allows remote attackers to cause denial of service via port scans on ports 3306 and 4567. This affects MariaDB servers with these ports exposed to untrusted networks. The vu...

This vulnerability in Keylime's registrar component allows remote attackers to cause a denial of service by exhausting all available SSL connections due to their blocking nature. It affects systems ru...

This vulnerability in libreswan's IKEv1 Aggressive Mode implementation causes the pluto daemon to crash when receiving specially crafted packets. It affects systems running vulnerable versions of libr...

CVE-2023-2203 is a use-after-free vulnerability in WebKitGTK caused by improper input validation. Attackers can exploit this by delivering specially crafted web content, potentially leading to denial ...

A buffer overflow vulnerability in the Linux Kernel's Netfilter subsystem allows local attackers to leak memory addresses and potentially execute arbitrary code. This could lead to local privilege esc...

This CVE-2023-0494 vulnerability in X.Org allows attackers to exploit a dangling pointer in DeepCopyPointerClasses via ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() functions. This can lead to loc...

CVE-2019-8720 is a memory corruption vulnerability in WebKit that allows arbitrary code execution when processing malicious web content. This affects any application using WebKit for web rendering, in...

CVE-2021-3697 is a heap buffer underflow vulnerability in GRUB2's JPEG parser that allows a crafted JPEG image to corrupt heap memory. Successful exploitation could lead to arbitrary code execution or...

CVE-2022-1227 is a privilege escalation vulnerability in Podman that allows attackers to gain host filesystem access when users run 'podman top' on malicious container images. This affects Podman user...

This vulnerability in Podman and Moby (Docker Engine) allows containers to start with non-empty inheritable Linux process capabilities. An attacker with access to programs having inheritable file capa...

A memory access vulnerability in the Linux kernel's i915 GPU driver allows local attackers to execute malicious GPU code, potentially causing system crashes or privilege escalation. This affects Linux...

A use-after-free vulnerability in the Linux kernel's FUSE filesystem allows a local attacker to trigger write() operations that can lead to unauthorized data access and privilege escalation. This affe...

CVE-2022-0847 (Dirty Pipe) is a Linux kernel vulnerability that allows unprivileged local users to write to read-only files in the page cache, enabling privilege escalation to root. This affects Linux...

A local privilege escalation vulnerability in the KVM subsystem for s390 architecture in Linux kernel allows a local attacker with normal user privileges to gain unauthorized memory write access. This...

This vulnerability in KVM's AMD SVM nested virtualization allows a malicious L1 guest to disable security intercepts for L2 guests, potentially enabling L2 guests to read/write host physical memory. T...

CVE-2021-3609 is a race condition vulnerability in the Linux kernel's CAN BCM networking protocol that allows local attackers to corrupt memory and potentially escalate privileges to root. This affect...

CVE-2022-0492 is a Linux kernel vulnerability in the cgroups v1 release_agent feature that allows local attackers to escalate privileges and escape container namespaces. This affects Linux systems usi...

CVE-2020-25717 is a privilege escalation vulnerability in Samba's domain user mapping mechanism. Authenticated attackers can exploit this flaw to gain elevated privileges on Samba servers. This affect...

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass Kerberos authentication by exploiting confusion about user identity when Kerberos PAC (Privilege Attribute C...

CVE-2021-3551 is a credential exposure vulnerability in Dogtag PKI-server where the spkispawn command, when run in debug mode, stores admin credentials in installation log files. This allows local att...

CVE-2021-4034 (PwnKit) is a local privilege escalation vulnerability in polkit's pkexec utility that allows unprivileged local users to gain root privileges by exploiting improper argument handling. T...

CVE-2021-3621 is a command injection vulnerability in SSSD's sssctl command that allows attackers to execute arbitrary shell commands with root privileges. This occurs when root users run specially cr...

A path traversal vulnerability in rsync's --safe-links option allows attackers to write files outside intended directories when the client fails to properly verify nested symbolic links from the serve...

A symlink traversal vulnerability in the containers/storage library used by Podman, Buildah, and CRI-O allows malicious container images to cause denial of service via OOM kill. Attackers can exploit ...

This vulnerability in Booth cluster ticket manager allows an attacker to bypass HMAC validation by providing a specially-crafted hash to gcry_md_get_algo_dlen(). This could enable unauthorized access ...