Filtered by vendor Redhat
Subscriptions
Total
21359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4127 | 2 Mozilla, Redhat | 4 Firefox Esr, Thunderbird, Enterprise Linux and 1 more | 2024-08-03 | 9.8 Critical |
| An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. | ||||
| CVE-2021-4193 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-08-03 | 5.5 Medium |
| vim is vulnerable to Out-of-bounds Read | ||||
| CVE-2021-4158 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-03 | 6.0 Medium |
| A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | ||||
| CVE-2021-4155 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more | 2024-08-03 | 5.5 Medium |
| A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | ||||
| CVE-2021-4192 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-08-03 | 7.8 High |
| vim is vulnerable to Use After Free | ||||
| CVE-2021-4197 | 6 Broadcom, Debian, Linux and 3 more | 16 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 13 more | 2024-08-03 | 7.8 High |
| An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | ||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-08-03 | 8.2 High |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | ||||
| CVE-2021-4028 | 3 Linux, Redhat, Suse | 9 Linux Kernel, Enterprise Linux, Rhel Aus and 6 more | 2024-08-03 | 7.8 High |
| A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. | ||||
| CVE-2021-4125 | 1 Redhat | 1 Openshift | 2024-08-03 | 8.1 High |
| It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. | ||||
| CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-08-03 | 4.4 Medium |
| A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | ||||
| CVE-2021-4129 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-03 | 9.8 Critical |
| Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. | ||||
| CVE-2021-4122 | 2 Cryptsetup Project, Redhat | 2 Cryptsetup, Enterprise Linux | 2024-08-03 | 4.3 Medium |
| It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. | ||||
| CVE-2021-4133 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Rhosemc | 2024-08-03 | 8.8 High |
| A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | ||||
| CVE-2021-4112 | 1 Redhat | 5 Ansible Automation Platform, Ansible Automation Platform Early Access, Ansible Automation Platform Text-only Advisories and 2 more | 2024-08-03 | 8.8 High |
| A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. | ||||
| CVE-2021-4145 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-08-03 | 6.5 Medium |
| A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | ||||
| CVE-2021-4156 | 3 Debian, Libsndfile Project, Redhat | 3 Debian Linux, Libsndfile, Enterprise Linux | 2024-08-03 | 7.1 High |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | ||||
| CVE-2021-4140 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-03 | 10.0 Critical |
| It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | ||||
| CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 59 Log4j, Fedora, Advanced Supply Chain Planning and 56 more | 2024-08-03 | 7.5 High |
| JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | ||||
| CVE-2021-4083 | 5 Debian, Linux, Netapp and 2 more | 30 Debian Linux, Linux Kernel, H300e and 27 more | 2024-08-03 | 7.0 High |
| A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | ||||
| CVE-2021-4040 | 2 Apache, Redhat | 2 Activemq Artemis, Amq Broker | 2024-08-03 | 5.3 Medium |
| A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability. | ||||