Enterprise Linux Security Vulnerabilities and Issues — Enterprise Linux CVE List

Lucene search

RedhatEnterprise Linux

9 matches found

CVE•added 2021/12/14 12:15 p.m.•1081 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2021/12/23 9:15 p.m.•920 views

CVE-2021-3621

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threa...

9.3CVSS8.8AI score0.00276EPSS

CVE•added 2021/12/23 6:15 a.m.•503 views

CVE-2021-45463

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP...

7.8CVSS7.5AI score0.01608EPSS

CVE•added 2021/12/22 5:15 p.m.•325 views

CVE-2021-44733

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.

7CVSS7.3AI score0.00225EPSS

CVE•added 2021/12/25 7:15 p.m.•219 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS8.1AI score0.00224EPSS

CVE•added 2021/12/08 10:15 p.m.•207 views

CVE-2021-4048

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portion...

9.1CVSS9.1AI score0.00365EPSS

CVE•added 2021/12/23 9:15 p.m.•175 views

CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

4.3CVSS4.3AI score0.00583EPSS

CVE•added 2021/12/23 8:15 p.m.•171 views

CVE-2021-4024

A flaw was found in podman. The podman machine function (used to create and manage Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall...

6.5CVSS6.3AI score0.00095EPSS

CVE•added 2021/12/15 8:15 p.m.•164 views

CVE-2021-45078

stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.

7.8CVSS8.1AI score0.00531EPSS