Redhat

Enterprise Linux

1857 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.3%
  • Veröffentlicht 08.04.2021 23:15:12
  • Zuletzt bearbeitet 21.11.2024 06:21:38

A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing mali...

  • EPSS 1.61%
  • Veröffentlicht 05.04.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:46:19

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possi...

Exploit
  • EPSS 1.59%
  • Veröffentlicht 01.04.2021 18:15:12
  • Zuletzt bearbeitet 21.11.2024 05:46:17

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading...

  • EPSS 1.19%
  • Veröffentlicht 01.04.2021 14:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:24

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclo...

  • EPSS 0.83%
  • Veröffentlicht 26.03.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:15

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corrupti...

  • EPSS 0.23%
  • Veröffentlicht 26.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:27

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass chec...

  • EPSS 1.54%
  • Veröffentlicht 26.03.2021 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:28

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

  • EPSS 0.31%
  • Veröffentlicht 26.03.2021 17:15:12
  • Zuletzt bearbeitet 03.12.2025 15:15:46

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries acros...

  • EPSS 8.74%
  • Veröffentlicht 25.03.2021 19:15:15
  • Zuletzt bearbeitet 21.11.2024 06:21:36

A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this v...

Exploit
  • EPSS 0.76%
  • Veröffentlicht 25.03.2021 19:15:14
  • Zuletzt bearbeitet 21.11.2024 06:21:32

A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when open...