Vulnerabilities > Redhat

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-01 | CVE-2021-41819 | CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. | 5.0 |
| 2022-01-01 | CVE-2021-41817 | Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. | 5.0 |
| 2021-12-25 | CVE-2021-4166 | Out-of-bounds Read vulnerability in multiple products. vim is vulnerable to Out-of-bounds Read | 5.8 |
| 2021-12-23 | CVE-2021-3621 | Command Injection vulnerability in multiple products. A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. (network; sssd redhat fedoraproject; CWE-77) | 9.3 (critical) |
| 2021-12-23 | CVE-2021-3622 | Resource Exhaustion vulnerability in multiple products. A flaw was found in the hivex library. | 4.3 |
| 2021-12-23 | CVE-2021-20318 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0. The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. (network; low complexity; redhat; CWE-502) | 6.5 |
| 2021-12-23 | CVE-2021-3584 | OS Command Injection vulnerability in multiple products. A server side remote code execution vulnerability was found in Foreman project. (network; low complexity; theforeman redhat; CWE-78) | 9.0 (critical) |
| 2021-12-23 | CVE-2021-4024 | Origin Validation Error vulnerability in multiple products. A flaw was found in podman. (network; low complexity; podman-project fedoraproject redhat; CWE-346) | 6.4 |
| 2021-12-23 | CVE-2021-45463 | GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. | 6.8 |
| 2021-12-22 | CVE-2021-44733 | Use After Free vulnerability in multiple products. A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. | 4.4 |