Redhat

Enterprise Linux Eus

784 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.19%
  • Veröffentlicht 16.02.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:21:49

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privile...

Warnung Exploit
  • EPSS 94.92%
  • Veröffentlicht 28.01.2022 20:15:12
  • Zuletzt bearbeitet 06.11.2025 14:50:26

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pk...

  • EPSS 2.52%
  • Veröffentlicht 23.12.2021 21:15:08
  • Zuletzt bearbeitet 03.11.2025 21:15:42

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as...

Exploit
  • EPSS 2.62%
  • Veröffentlicht 23.11.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:07

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulner...

Warnung
  • EPSS 100%
  • Veröffentlicht 16.09.2021 15:15:07
  • Zuletzt bearbeitet 27.10.2025 17:37:06

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • EPSS 2.96%
  • Veröffentlicht 09.07.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:52

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat f...

  • EPSS 1.2%
  • Veröffentlicht 27.05.2021 20:15:07
  • Zuletzt bearbeitet 21.11.2024 05:02:57

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive inform...

  • EPSS 2.66%
  • Veröffentlicht 07.10.2020 15:15:12
  • Zuletzt bearbeitet 21.11.2024 05:03:04

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1. Both the SPICE client (spice-gtk) and server are affected by these flaws. These flaws allow a malicious ...

  • EPSS 6.62%
  • Veröffentlicht 11.09.2020 17:15:18
  • Zuletzt bearbeitet 23.02.2026 18:23:07

<p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with th...

  • EPSS 89.74%
  • Veröffentlicht 07.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...