Filtered by vendor Redhat
Subscriptions
Total
21359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2024-08-03 | 7.5 High |
| A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | ||||
| CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2024-08-03 | 7.4 High |
| A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-3592 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-08-03 | 3.8 Low |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | ||||
| CVE-2021-3524 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, Fedora, Ceph and 1 more | 2024-08-03 | 6.5 Medium |
| A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. | ||||
| CVE-2021-3497 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-08-03 | 7.8 High |
| GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | ||||
| CVE-2021-3513 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-08-03 | 7.5 High |
| A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-3502 | 2 Avahi, Redhat | 2 Avahi, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability. | ||||
| CVE-2021-3514 | 1 Redhat | 4 389 Directory Server, Directory Server, Enterprise Linux and 1 more | 2024-08-03 | 6.5 Medium |
| When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. | ||||
| CVE-2021-3507 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-08-03 | 6.1 Medium |
| A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. | ||||
| CVE-2021-3499 | 2 Ovn, Redhat | 2 Ovn-kubernetes, Openshift | 2024-08-03 | 5.6 Medium |
| A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. It could lead to potentially lose of confidentiality, integrity or availability of a service. | ||||
| CVE-2021-3503 | 1 Redhat | 1 Wildfly | 2024-08-03 | 4.3 Medium |
| A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. | ||||
| CVE-2021-3505 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-08-03 | 5.5 Medium |
| A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3501 | 4 Fedoraproject, Linux, Netapp and 1 more | 28 Fedora, Linux Kernel, Cloud Backup and 25 more | 2024-08-03 | 7.1 High |
| A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability. | ||||
| CVE-2021-3509 | 1 Redhat | 1 Ceph Storage | 2024-08-03 | 6.1 Medium |
| A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability. | ||||
| CVE-2021-3495 | 2 Netlify, Redhat | 3 Kiali-operator, Openshift Service Mesh, Service Mesh | 2024-08-03 | 8.8 High |
| An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and before 1.24.7. This flaw allows an attacker with a basic level of access to the cluster (to deploy a kiali operand) to use this vulnerability and deploy a given image to anywhere in the cluster, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-3498 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-08-03 | 7.8 High |
| GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files. | ||||
| CVE-2021-3516 | 6 Debian, Fedoraproject, Netapp and 3 more | 10 Debian Linux, Fedora, Clustered Data Ontap and 7 more | 2024-08-03 | 7.8 High |
| There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability. | ||||
| CVE-2021-3461 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 7.1 High |
| A flaw was found in keycloak where keycloak may fail to logout user session if the logout request comes from external SAML identity provider and Principal Type is set to Attribute [Name]. | ||||
| CVE-2021-3517 | 6 Debian, Fedoraproject, Netapp and 3 more | 30 Debian Linux, Fedora, Active Iq Unified Manager and 27 more | 2024-08-03 | 8.6 High |
| There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. | ||||
| CVE-2021-3480 | 3 Fedoraproject, Redhat, Slapi-nis Project | 4 Fedora, Enterprise Linux, Rhel Eus and 1 more | 2024-08-03 | 7.5 High |
| A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability. | ||||