CVE-2022-21682
- EPSS 0.34%
- Published 13.01.2022 21:15:08
- Last modified 21.11.2024 06:45:13
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory wi...
CVE-2021-43860
- EPSS 0.17%
- Published 12.01.2022 22:15:07
- Last modified 21.11.2024 06:29:57
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to...
CVE-2021-41819
- EPSS 0.76%
- Published 01.01.2022 06:15:07
- Last modified 22.05.2025 15:15:54
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
CVE-2021-41817
- EPSS 0.5%
- Published 01.01.2022 05:15:08
- Last modified 21.11.2024 06:26:48
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
CVE-2021-4166
- EPSS 0.35%
- Published 25.12.2021 19:15:07
- Last modified 21.11.2024 06:37:03
vim is vulnerable to Out-of-bounds Read
CVE-2021-3621
- EPSS 0.38%
- Published 23.12.2021 21:15:08
- Last modified 03.11.2025 21:15:42
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as...
CVE-2021-3622
- EPSS 0.58%
- Published 23.12.2021 21:15:08
- Last modified 21.11.2024 06:22:00
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat f...
CVE-2021-4024
- EPSS 0.1%
- Published 23.12.2021 20:15:12
- Last modified 21.11.2024 06:36:44
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses o...
CVE-2021-45463
- EPSS 2.06%
- Published 23.12.2021 06:15:06
- Last modified 03.11.2025 18:15:37
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. N...
- EPSS 0.26%
- Published 22.12.2021 17:15:09
- Last modified 21.11.2024 06:31:28
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.