Vulnerabilities > Redhat > Enterprise Linux Server EUS > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-22 CVE-2021-3659 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection.
local
low complexity
linux fedoraproject redhat CWE-476
5.5
2022-03-04 CVE-2021-3744 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
local
low complexity
linux fedoraproject debian redhat oracle
5.5
2021-03-03 CVE-2021-20225 Out-of-bounds Write vulnerability in multiple products
A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp CWE-787
6.7
2021-03-03 CVE-2020-27749 A flaw was found in grub2 in versions prior to 2.06.
local
low complexity
gnu redhat fedoraproject netapp
6.7
2020-01-14 CVE-2015-3147 Link Following vulnerability in Redhat products
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt.
network
low complexity
redhat CWE-59
6.5
2019-11-14 CVE-2018-12207 Improper Input Validation vulnerability in multiple products
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
6.5
2019-07-31 CVE-2019-10182 It was found that icedtea-web though 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files.
network
low complexity
icedtea-web-project redhat
6.5
2019-03-25 CVE-2019-3838 It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27.
local
low complexity
artifex redhat fedoraproject opensuse debian
5.5
2019-03-25 CVE-2019-3835 Missing Authorization vulnerability in multiple products
It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27.
5.5
2019-03-21 CVE-2019-6454 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in sd-bus in systemd 239.
5.5