Redhat

Enterprise Linux

1854 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 7%
  • Veröffentlicht 18.02.2025 19:15:29
  • Zuletzt bearbeitet 12.05.2026 13:16:40

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in spec...

Exploit
  • EPSS 72.06%
  • Veröffentlicht 15.01.2025 15:15:10
  • Zuletzt bearbeitet 29.06.2026 21:16:29

A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write...

Exploit
  • EPSS 9.35%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 29.06.2026 21:16:30

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of un...

Exploit
  • EPSS 1.76%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 30.06.2026 00:16:48

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send chec...

Medienbericht Exploit
  • EPSS 2.22%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 30.06.2026 00:16:48

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using...

  • EPSS 4.58%
  • Veröffentlicht 14.01.2025 18:15:25
  • Zuletzt bearbeitet 30.06.2026 00:16:48

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, w...

  • EPSS 0.33%
  • Veröffentlicht 12.11.2024 03:15:03
  • Zuletzt bearbeitet 26.06.2026 02:16:50

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender.

  • EPSS 0.3%
  • Veröffentlicht 12.11.2024 03:15:03
  • Zuletzt bearbeitet 26.06.2026 02:16:50

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

  • EPSS 0.33%
  • Veröffentlicht 12.11.2024 02:15:18
  • Zuletzt bearbeitet 26.06.2026 02:16:50

In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality.

  • EPSS 0.23%
  • Veröffentlicht 29.10.2024 01:15:04
  • Zuletzt bearbeitet 03.11.2025 23:16:47

In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() retu...