|
501
|
8.8
9.3
|
HIGH
Network
|
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into …
|
CWE-78
OS Command
|
CVE-2021-3621
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 15:22
2021-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
6.5
6.4
|
MEDIUM
Network
|
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` A…
|
CWE-200 CWE-346
Information Exposure Origin Validation Error
|
CVE-2021-4024
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:36
2021-12-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
7.8
6.8
|
HIGH
Local
|
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of…
|
NVD-CWE-noinfo
|
CVE-2021-45463
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 15:32
2021-12-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
7.0
4.4
|
HIGH
Local
|
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a s…
|
CWE-362
Race Condition
|
CVE-2021-44733
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:31
2021-12-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
7.8
6.8
|
HIGH
Local
|
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated b…
|
CWE-787
Out-of-bounds Write
|
CVE-2021-45078
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:31
2021-12-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
7.5
6.0
|
HIGH
Network
|
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectio…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2021-4104
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.0:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 15:36
2021-12-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
9.1
6.4
|
CRITICAL
Network
|
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs pas…
|
-
|
CVE-2021-4048
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:36
2021-12-9
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
4.2
6.3
|
MEDIUM
Local
|
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availabilit…
|
-
|
CVE-2021-3802
|
cpe:2.3:o:redhat:enterprise_linux:8.0:*
|
|
|
|
|
2024-11-21 15:22
2021-11-30
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
5.6
6.8
|
MEDIUM
Network
|
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Do…
|
CWE-79
Cross-site Scripting
|
CVE-2021-3672
|
cpe:2.3:o:redhat:enterprise_linux:8.0:* cpe:2.3:o:redhat:enterprise_linux:7.7:* cpe:2.3:o:redhat:enterprise_linux…
|
|
|
|
|
2024-11-21 15:22
2021-11-24
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
8.1
5.1
|
HIGH
Network
|
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate ver…
|
CWE-295
Improper Certificate Validation
|
CVE-2021-3935
|
cpe:2.3:o:redhat:enterprise_linux:7.0:*
|
|
|
|
|
2024-11-21 15:22
2021-11-23
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|