Vulnerabilities > Redhat > Enterprise Linux EUS

DATE CVE VULNERABILITY TITLE RISK
2021-12-23 CVE-2021-3621 OS Command Injection vulnerability in multiple products
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands.
network
low complexity
fedoraproject redhat CWE-78
8.8
2021-11-23 CVE-2021-3672 Cross-site Scripting vulnerability in multiple products
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking.
5.6
2021-07-09 CVE-2021-3570 Out-of-bounds Write vulnerability in multiple products
A flaw was found in the ptp4l program of the linuxptp package.
8.8
2021-05-27 CVE-2020-14301 An information disclosure vulnerability was found in libvirt in versions before 6.3.0.
network
low complexity
redhat netapp
6.5
2020-10-07 CVE-2020-14355 Classic Buffer Overflow vulnerability in multiple products
Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1.
6.6
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5
2020-07-31 CVE-2020-14311 There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems.
local
low complexity
gnu redhat opensuse canonical
6.0
2020-07-31 CVE-2020-14310 Integer Overflow or Wraparound vulnerability in multiple products
There is an issue on grub2 before version 2.06 at function read_section_as_string().
local
low complexity
gnu redhat opensuse canonical CWE-190
6.0
2020-02-07 CVE-2019-15606 Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
network
low complexity
nodejs oracle debian redhat opensuse
critical
9.8
2020-02-07 CVE-2019-15605 HTTP Request Smuggling vulnerability in multiple products
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
network
low complexity
nodejs debian fedoraproject opensuse redhat oracle CWE-444
critical
9.8