Filtered by vendor Redhat
Subscriptions
Total
21359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3914 | 1 Redhat | 4 Build Of Quarkus, Openshift Application Runtimes, Quarkus and 1 more | 2024-08-03 | 6.1 Medium |
| It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. | ||||
| CVE-2021-3805 | 3 Debian, Object-path Project, Redhat | 3 Debian Linux, Object-path, Acm | 2024-08-03 | 7.5 High |
| object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3798 | 2 Opencryptoki Project, Redhat | 2 Opencryptoki, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | ||||
| CVE-2021-3872 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-03 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-08-03 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3859 | 2 Netapp, Redhat | 10 Cloud Secure Agent, Oncommand Insight, Oncommand Workflow Automation and 7 more | 2024-08-03 | 7.5 High |
| A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | ||||
| CVE-2021-3856 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-08-03 | 4.3 Medium |
| ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. | ||||
| CVE-2021-3826 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Gcc, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||||
| CVE-2021-3827 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-08-03 | 6.8 Medium |
| A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3814 | 1 Redhat | 2 3scale, 3scale Amp | 2024-08-03 | 7.5 High |
| It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. | ||||
| CVE-2021-3801 | 2 Prismjs, Redhat | 2 Prism, Advanced Cluster Security | 2024-08-03 | 6.5 Medium |
| prism is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3763 | 1 Redhat | 1 Amq Broker | 2024-08-03 | 4.3 Medium |
| A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity. | ||||
| CVE-2021-3757 | 2 Immer Project, Redhat | 2 Immer, Rhmt | 2024-08-03 | 9.8 Critical |
| immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3796 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-08-03 | 7.3 High |
| vim is vulnerable to Use After Free | ||||
| CVE-2021-3802 | 3 Fedoraproject, Redhat, Udisks Project | 3 Fedora, Enterprise Linux, Udisks | 2024-08-03 | 4.2 Medium |
| A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3782 | 2 Redhat, Wayland | 2 Enterprise Linux, Wayland | 2024-08-03 | 6.6 Medium |
| An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. | ||||
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-08-03 | 9.8 Critical |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | ||||
| CVE-2021-3765 | 2 Redhat, Validator Project | 2 Openshift Data Foundation, Validator | 2024-08-03 | 7.5 High |
| validator.js is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3778 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-08-03 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3807 | 3 Ansi-regex Project, Oracle, Redhat | 10 Ansi-regex, Communications Cloud Native Core Policy, Acm and 7 more | 2024-08-03 | 7.5 High |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||||