Redhat

Enterprise Linux

1715 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.05%
  • Published 04.02.2022 23:15:12
  • Last modified 21.11.2024 06:38:45

A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kerne...

Warning Exploit
  • EPSS 87.12%
  • Published 28.01.2022 20:15:12
  • Last modified 06.11.2025 14:50:26

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pk...

  • EPSS 0.07%
  • Published 25.01.2022 20:15:08
  • Last modified 21.11.2024 06:36:59

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the gu...

Exploit
  • EPSS 0.04%
  • Published 20.01.2022 18:15:07
  • Last modified 21.11.2024 06:32:10

AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.

  • EPSS 0.34%
  • Published 13.01.2022 21:15:08
  • Last modified 21.11.2024 06:45:13

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory wi...

  • EPSS 0.17%
  • Published 12.01.2022 22:15:07
  • Last modified 21.11.2024 06:29:57

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to...

Exploit
  • EPSS 0.69%
  • Published 01.01.2022 06:15:07
  • Last modified 22.05.2025 15:15:54

CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.

Exploit
  • EPSS 0.5%
  • Published 01.01.2022 05:15:08
  • Last modified 21.11.2024 06:26:48

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

Exploit
  • EPSS 0.35%
  • Published 25.12.2021 19:15:07
  • Last modified 21.11.2024 06:37:03

vim is vulnerable to Out-of-bounds Read

  • EPSS 0.45%
  • Published 23.12.2021 21:15:08
  • Last modified 03.11.2025 21:15:42

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as...