Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37576 | 3 Fedoraproject, Linux, Redhat | 7 Fedora, Linux Kernel, Enterprise Linux and 4 more | 2024-08-04 | 7.8 High |
| arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. | ||||
| CVE-2021-37618 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-04 | 4.7 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5. | ||||
| CVE-2021-37619 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-08-04 | 4.7 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5. | ||||
| CVE-2021-37159 | 4 Debian, Linux, Oracle and 1 more | 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2024-08-04 | 6.4 Medium |
| hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. | ||||
| CVE-2021-36980 | 2 Openvswitch, Redhat | 3 Openvswitch, Enterprise Linux, Openshift | 2024-08-04 | 5.5 Medium |
| Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | ||||
| CVE-2021-36740 | 6 Debian, Fedoraproject, Redhat and 3 more | 8 Debian Linux, Fedora, Enterprise Linux and 5 more | 2024-08-04 | 6.5 Medium |
| Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. | ||||
| CVE-2021-36386 | 3 Fedoraproject, Fetchmail, Redhat | 3 Fedora, Fetchmail, Enterprise Linux | 2024-08-04 | 7.5 High |
| report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. | ||||
| CVE-2021-36222 | 5 Debian, Mit, Netapp and 2 more | 8 Debian Linux, Kerberos 5, Active Iq Unified Manager and 5 more | 2024-08-04 | 7.5 High |
| ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. | ||||
| CVE-2021-36221 | 6 Debian, Fedoraproject, Golang and 3 more | 15 Debian Linux, Fedora, Go and 12 more | 2024-08-04 | 5.9 Medium |
| Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | ||||
| CVE-2021-36160 | 7 Apache, Broadcom, Debian and 4 more | 16 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 13 more | 2024-08-04 | 7.5 High |
| A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive). | ||||
| CVE-2021-36084 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2024-08-04 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper). | ||||
| CVE-2021-36087 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2024-08-04 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block. | ||||
| CVE-2021-36086 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2024-08-04 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). | ||||
| CVE-2021-36085 | 3 Fedoraproject, Redhat, Selinux Project | 3 Fedora, Enterprise Linux, Selinux | 2024-08-04 | 3.3 Low |
| The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). | ||||
| CVE-2021-35942 | 4 Debian, Gnu, Netapp and 1 more | 8 Debian Linux, Glibc, Active Iq Unified Manager and 5 more | 2024-08-04 | 9.1 Critical |
| The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. | ||||
| CVE-2021-35603 | 5 Debian, Fedoraproject, Netapp and 2 more | 18 Debian Linux, Fedora, Active Iq Unified Manager and 15 more | 2024-08-04 | 3.7 Low |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2021-35938 | 3 Fedoraproject, Redhat, Rpm | 6 Fedora, Enterprise Linux, Openshift and 3 more | 2024-08-04 | 6.7 Medium |
| A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-35939 | 2 Redhat, Rpm | 5 Enterprise Linux, Openshift, Openshift Data Foundation and 2 more | 2024-08-04 | 6.7 Medium |
| It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-35937 | 3 Fedoraproject, Redhat, Rpm | 6 Fedora, Enterprise Linux, Openshift and 3 more | 2024-08-04 | 6.4 Medium |
| A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-35588 | 5 Debian, Fedoraproject, Netapp and 2 more | 17 Debian Linux, Fedora, Active Iq Unified Manager and 14 more | 2024-08-04 | 3.1 Low |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | ||||