Enterprise Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-23	CVE-2021-45463	load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. local low complexity gegl gimp redhat fedoraproject	7.8
2021-12-22	CVE-2021-44733	Race Condition vulnerability in multiple products A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. local high complexity linux redhat fedoraproject debian netapp CWE-362	7.0
2021-12-15	CVE-2021-45078	Out-of-bounds Write vulnerability in multiple products stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. local low complexity gnu fedoraproject redhat debian netapp CWE-787	7.8
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-12-08	CVE-2021-4048	An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. network low complexity lapack-project openblas-project julialang redhat fedoraproject critical	9.1
2021-11-29	CVE-2021-3802	A vulnerability found in udisks2. local low complexity udisks-project fedoraproject redhat	4.2
2021-11-23	CVE-2021-3672	Cross-site Scripting vulnerability in multiple products A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. network high complexity c-ares-project fedoraproject redhat siemens nodejs pgbouncer CWE-79	5.6
2021-11-22	CVE-2021-3935	Improper Certificate Validation vulnerability in multiple products When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. network high complexity pgbouncer redhat fedoraproject debian CWE-295	8.1
2021-11-04	CVE-2021-43389	Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 5.14.15. local low complexity linux redhat debian oracle CWE-125	5.5
2021-10-19	CVE-2021-3746	A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. network low complexity libtpms-project fedoraproject redhat	6.5