Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.34%
  • Veröffentlicht 10.03.2022 17:44:56
  • Zuletzt bearbeitet 21.11.2024 06:38:49

A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw aff...

Exploit
  • EPSS 4.68%
  • Veröffentlicht 10.03.2022 17:42:59
  • Zuletzt bearbeitet 03.11.2025 22:15:50

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication r...

  • EPSS 0.67%
  • Veröffentlicht 10.03.2022 17:42:57
  • Zuletzt bearbeitet 21.11.2024 06:22:10

A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Cert...

  • EPSS 1.24%
  • Veröffentlicht 10.03.2022 17:42:55
  • Zuletzt bearbeitet 21.11.2024 06:22:05

Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar...

  • EPSS 0.66%
  • Veröffentlicht 04.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:05

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the ...

Exploit
  • EPSS 11.59%
  • Veröffentlicht 04.03.2022 19:15:08
  • Zuletzt bearbeitet 17.12.2025 22:15:56

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from...

Exploit
  • EPSS 1.54%
  • Veröffentlicht 04.03.2022 18:15:08
  • Zuletzt bearbeitet 03.11.2025 20:15:50

A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.

  • EPSS 1.9%
  • Veröffentlicht 04.03.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 05:51:23

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certif...

  • EPSS 0.33%
  • Veröffentlicht 03.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:57

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When ru...

  • EPSS 0.38%
  • Veröffentlicht 03.03.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:22:00

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.