Filtered by vendor Redhat
Subscriptions
Total
21359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4294 | 1 Redhat | 3 Openshift, Openshift Container Platform, Openshift Osin | 2024-08-03 | 2.6 Low |
| A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987. | ||||
| CVE-2021-4231 | 2 Angular, Redhat | 2 Angular, Ceph Storage | 2024-08-03 | 3.5 Low |
| A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. | ||||
| CVE-2021-4238 | 2 Goutils Project, Redhat | 5 Goutils, Openshift, Openshift Data Foundation and 2 more | 2024-08-03 | 9.1 Critical |
| Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. | ||||
| CVE-2021-4235 | 2 Redhat, Yaml Project | 3 Openshift, Openshift Data Foundation, Yaml | 2024-08-03 | 5.5 Medium |
| Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. | ||||
| CVE-2021-4217 | 3 Fedoraproject, Redhat, Unzip Project | 3 Fedora, Enterprise Linux, Unzip | 2024-08-03 | 3.3 Low |
| A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | ||||
| CVE-2021-4213 | 3 Debian, Dogtagpki, Redhat | 4 Debian Linux, Network Security Services For Java, Certificate System and 1 more | 2024-08-03 | 7.5 High |
| A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. | ||||
| CVE-2021-4154 | 3 Linux, Netapp, Redhat | 6 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 3 more | 2024-08-03 | 8.8 High |
| A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. | ||||
| CVE-2021-4209 | 3 Gnu, Netapp, Redhat | 6 Gnutls, Active Iq Unified Manager, Hci Bootstrap Os and 3 more | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | ||||
| CVE-2021-4204 | 4 Debian, Linux, Netapp and 1 more | 15 Debian Linux, Linux Kernel, H300s and 12 more | 2024-08-03 | 7.1 High |
| An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | ||||
| CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-03 | 5.5 Medium |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | ||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 8.2 High |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||
| CVE-2021-4019 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-03 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-4180 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2024-08-03 | 4.3 Medium |
| An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | ||||
| CVE-2021-4157 | 5 Fedoraproject, Linux, Netapp and 2 more | 18 Fedora, Linux Kernel, H300e and 15 more | 2024-08-03 | 8.0 High |
| An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | ||||
| CVE-2021-4142 | 2 Candlepinproject, Redhat | 3 Candlepin, Satellite, Satellite Capsule | 2024-08-03 | 5.5 Medium |
| The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. | ||||
| CVE-2021-4166 | 7 Apple, Debian, Fedoraproject and 4 more | 8 Mac Os X, Macos, Debian Linux and 5 more | 2024-08-03 | 7.1 High |
| vim is vulnerable to Out-of-bounds Read | ||||
| CVE-2021-4147 | 3 Fedoraproject, Netapp, Redhat | 3 Fedora, Ontap Select Deploy Administration Utility, Libvirt | 2024-08-03 | 6.5 Medium |
| A flaw was found in the libvirt libxl driver. A malicious guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. | ||||
| CVE-2021-4178 | 1 Redhat | 13 A-mq Streams, Amq Streams, Build Of Quarkus and 10 more | 2024-08-03 | 6.7 Medium |
| A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. | ||||
| CVE-2021-4189 | 4 Debian, Netapp, Python and 1 more | 6 Debian Linux, Ontap Select Deploy Administration Utility, Python and 3 more | 2024-08-03 | 5.3 Medium |
| A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | ||||
| CVE-2021-4203 | 4 Linux, Netapp, Oracle and 1 more | 25 Linux Kernel, A700s, A700s Firmware and 22 more | 2024-08-03 | 6.8 Medium |
| A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. | ||||