Redhat Enterprise Linux Aus — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Enterprise Linux Aus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (48)
CVE-2019-10126 — CVSS 9.8 (critical): A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mw…
CVE-2016-9901 — CVSS 9.8 (critical): HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the…
CVE-2017-7824 — CVSS 9.8 (critical): A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an…
CVE-2013-0775 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before…
CVE-2013-0783 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird…
CVE-2013-0782 — CVSS 9.3 (critical): Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before…
CVE-2013-0780 — CVSS 9.3 (critical): Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before…
CVE-2021-3570 — CVSS 8.8 (high): A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a…
CVE-2019-9506 — CVSS 8.1 (high): The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an…
CVE-2024-3183 — CVSS 8.1 (high): A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different…
CVE-2011-1093 — CVSS 7.8 (high): The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux…
CVE-2018-13405 — CVSS 7.8 (high): The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group…
CVE-2023-0494 — CVSS 7.8 (high): A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by…
CVE-2023-3972 — CVSS 7.8 (high): A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of…
CVE-2024-0229 — CVSS 7.8 (high): An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is…
CVE-2019-11477 — CVSS 7.5 (high): Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when…
CVE-2018-14638 — CVSS 7.5 (high): A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent…
CVE-2020-1045 — CVSS 7.5 (high): <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core…
CVE-2025-62231 — CVSS 7.3 (high): A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function…
CVE-2025-62230 — CVSS 7.3 (high): A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees…
CVE-2017-10661 — CVSS 7.0 (high): Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list…
CVE-2019-11811 — CVSS 7.0 (high): An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the…
CVE-2021-3609 — CVSS 7.0 (high): .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to…
CVE-2023-47038 — CVSS 7.0 (high): A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can…
CVE-2011-1745 — CVSS 6.9 (medium): Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local…
CVE-2011-2022 — CVSS 6.9 (medium): The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start…
CVE-2011-1746 — CVSS 6.9 (medium): Multiple integer overflows in the (1) agp_allocate_memory and (2) agp_create_user_memory functions in drivers/char/agp/generic.c in the…
CVE-2021-20316 — CVSS 6.8 (medium): A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or…
CVE-2020-14355 — CVSS 6.6 (medium): Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before…
CVE-2012-0260 — CVSS 6.5 (medium): The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory…
CVE-2020-10711 — CVSS 5.9 (medium): A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing…
CVE-2018-1049 — CVSS 5.9 (medium): In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be…
CVE-2013-0772 — CVSS 5.8 (medium): The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote…
CVE-2018-16878 — CVSS 5.5 (medium): A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled…
CVE-2021-3669 — CVSS 5.5 (medium): A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which…
CVE-2019-11478 — CVSS 5.3 (medium): Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when…
CVE-2017-7829 — CVSS 5.3 (medium): It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's…
CVE-2011-2213 — CVSS 4.9 (medium): The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode…
CVE-2011-1593 — CVSS 4.9 (medium): Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel before 2.6.38.4 allow local users to cause a…
CVE-2017-7847 — CVSS 4.3 (medium): Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird <…
CVE-2013-0776 — CVSS 4.0 (medium): Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey…
CVE-2011-1182 — CVSS 3.6 (low): kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system…
CVE-2014-9585 — CVSS 2.1 (low): The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO…
CVE-2014-9584 — CVSS 2.1 (low): The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the…
CVE-2011-2492 — CVSS 1.9 (low): The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users…