Filtered by vendor Redhat Subscriptions
Total 21359 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3759 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-08-03 5.5 Medium
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3772 5 Debian, Linux, Netapp and 2 more 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more 2024-08-03 6.5 Medium
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-3795 2 Redhat, Semver-regex Project 2 Acm, Semver-regex 2024-08-03 7.5 High
semver-regex is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3773 4 Fedoraproject, Linux, Oracle and 1 more 6 Fedora, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more 2024-08-03 9.8 Critical
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
CVE-2021-3764 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-08-03 5.5 Medium
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CVE-2021-3749 4 Axios, Oracle, Redhat and 1 more 9 Axios, Goldengate, Acm and 6 more 2024-08-03 7.5 High
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3748 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-08-03 7.5 High
A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the descriptor's address belongs to the non direct access region, due to num_buffers being set after the virtqueue elem has been unmapped. A malicious guest could use this flaw to crash QEMU, resulting in a denial of service condition, or potentially execute code on the host with the privileges of the QEMU process.
CVE-2021-3752 6 Debian, Fedoraproject, Linux and 3 more 28 Debian Linux, Fedora, Linux Kernel and 25 more 2024-08-03 7.1 High
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2021-3753 3 Linux, Netapp, Redhat 18 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 15 more 2024-08-03 4.7 Medium
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3754 1 Redhat 2 Keycloak, Single Sign-on 2024-08-03 5.3 Medium
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
CVE-2021-3750 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Rhel Eus 2024-08-03 8.2 High
A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.
CVE-2021-3697 2 Gnu, Redhat 14 Grub2, Codeready Linux Builder, Developer Tools and 11 more 2024-08-03 7.0 High
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.
CVE-2021-3744 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-08-03 5.5 Medium
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
CVE-2021-3700 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Enterprise Linux and 1 more 2024-08-03 6.4 Medium
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
CVE-2021-3670 3 Fedoraproject, Redhat, Samba 3 Fedora, Storage, Samba 2024-08-03 6.5 Medium
MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2021-3684 1 Redhat 4 Assisted Installer, Enterprise Linux, Openshift Assisted Installer and 1 more 2024-08-03 5.5 Medium
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
CVE-2021-3732 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-08-03 5.5 Medium
A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible.
CVE-2021-3659 3 Fedoraproject, Linux, Redhat 17 Fedora, Linux Kernel, Codeready Linux Builder and 14 more 2024-08-03 5.5 Medium
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability.
CVE-2021-3631 2 Netapp, Redhat 5 Ontap Select Deploy Administration Utility, Advanced Virtualization, Enterprise Linux and 2 more 2024-08-03 6.3 Medium
A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity.
CVE-2021-3667 2 Netapp, Redhat 4 Ontap Select Deploy Administration Utility, Advanced Virtualization, Enterprise Linux and 1 more 2024-08-03 6.5 Medium
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.