Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
13572 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-33655 | 3 Debian, Linux, Redhat | 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-08-03 | 6.7 Medium |
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. | ||||
CVE-2021-33644 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 8.1 High |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read. | ||||
CVE-2021-33630 | 2 Huawei, Redhat | 2 Openeuler, Enterprise Linux | 2024-08-03 | 5.5 Medium |
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3. | ||||
CVE-2021-33656 | 4 Debian, Huawei, Linux and 1 more | 6 Debian Linux, Openeuler, Linux Kernel and 3 more | 2024-08-03 | 6.8 Medium |
When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. | ||||
CVE-2021-33646 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 7.5 High |
The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | ||||
CVE-2021-33621 | 3 Fedoraproject, Redhat, Ruby-lang | 6 Fedora, Enterprise Linux, Rhel Eus and 3 more | 2024-08-03 | 8.8 High |
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object. | ||||
CVE-2021-33631 | 2 Huawei, Redhat | 5 Openeuler, Enterprise Linux, Logging and 2 more | 2024-08-03 | 5.5 Medium |
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow.This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0. | ||||
CVE-2021-33645 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 7.5 High |
The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | ||||
CVE-2021-33643 | 4 Fedoraproject, Feep, Huawei and 1 more | 4 Fedora, Libtar, Openeuler and 1 more | 2024-08-03 | 9.1 Critical |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | ||||
CVE-2021-33620 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | ||||
CVE-2021-33502 | 2 Normalize-url Project, Redhat | 6 Normalize-url, Acm, Enterprise Linux and 3 more | 2024-08-03 | 7.5 High |
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. | ||||
CVE-2021-33574 | 5 Debian, Fedoraproject, Gnu and 2 more | 21 Debian Linux, Fedora, Glibc and 18 more | 2024-08-03 | 9.8 Critical |
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. | ||||
CVE-2021-33582 | 4 Cyrus, Debian, Fedoraproject and 1 more | 5 Imap, Debian Linux, Fedora and 2 more | 2024-08-03 | 7.5 High |
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16. | ||||
CVE-2021-33560 | 5 Debian, Fedoraproject, Gnupg and 2 more | 9 Debian Linux, Fedora, Libgcrypt and 6 more | 2024-08-03 | 7.5 High |
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. | ||||
CVE-2021-33516 | 2 Gnome, Redhat | 3 Gupnp, Enterprise Linux, Rhel Eus | 2024-08-03 | 8.1 High |
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc. | ||||
CVE-2021-33515 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-08-03 | 4.8 Medium |
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | ||||
CVE-2021-33503 | 4 Fedoraproject, Oracle, Python and 1 more | 10 Fedora, Enterprise Manager Ops Center, Instantis Enterprisetrack and 7 more | 2024-08-03 | 7.5 High |
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. | ||||
CVE-2021-33285 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-08-03 | 7.8 High |
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record : the "bytes_in_use" field should be less than the "bytes_allocated" field. When it is not, the parsing of the records proceeds into the wild. | ||||
CVE-2021-33289 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-08-03 | 7.8 High |
In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a heap buffer overflow can occur and allow for code execution. | ||||
CVE-2021-33287 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Advanced Virtualization and 2 more | 2024-08-03 | 7.8 High |
In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntfs_attr_pread_i, a heap buffer overflow can occur and allow for writing to arbitrary memory or denial of service of the application. |