Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

7 matches found

CVE•added 2022/07/06 4:15 p.m.•170 views

CVE-2021-3695

A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacke...

4.5CVSS7AI score0.00064EPSS

CVE•added 2022/07/06 4:15 p.m.•159 views

CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability...

7CVSS7.6AI score0.00073EPSS

CVE•added 2022/07/14 3:15 p.m.•150 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be ...

5.7CVSS5.2AI score0.00054EPSS

CVE•added 2022/07/06 4:15 p.m.•145 views

CVE-2021-3696

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corr...

6.9CVSS6.8AI score0.00113EPSS

CVE•added 2022/07/12 9:15 p.m.•115 views

CVE-2022-2211

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.

6.5CVSS6.1AI score0.00097EPSS

CVE•added 2022/07/25 4:15 p.m.•105 views

CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser...

6.1CVSS6.2AI score0.77252EPSS

CVE•added 2022/07/25 4:15 p.m.•70 views

CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context ...

6.1CVSS6.6AI score0.00326EPSS