Red Hat, Inc.

8 exploits Active since Jun 2017
CVE-2021-3156 NOMISEC HIGH WORKING POC
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
111 stars
CVSS 7.8
CVE-2022-0847 NOMISEC HIGH SCANNER
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
2 stars
CVSS 7.8
CVE-2021-3975 NOMISEC MEDIUM WRITEUP
libvirt < 7.1.0 - Use-After-Free in qemuMonitorUnregister
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.
CVSS 6.5
CVE-2021-3156 NOMISEC HIGH SCANNER
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVSS 7.8
CVE-2026-4802 WRITEUP HIGH WRITEUP
Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected system. This could result in a complete system compromise.
CVSS 8.0
CVE-2015-5263 WRITEUP HIGH WRITEUP
pulp-consumer-client <2.7 - Info Disclosure
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
CVSS 8.1
CVE-2016-3704 WRITEUP HIGH WRITEUP
Pulp <2.8.5 - Code Injection
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVSS 7.5
CVE-2016-3704 WRITEUP HIGH WRITEUP
Pulp <2.8.5 - Code Injection
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
CVSS 7.5