Filtered by vendor Redhat
Subscribe
Total
5605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44142 | 6 Canonical, Debian, Fedoraproject and 3 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. | |||||
| CVE-2022-30599 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | |||||
| CVE-2021-3750 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | |||||
| CVE-2021-20238 | 1 Redhat | 2 Openshift Container Platform, Openshift Machine-config-operator | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 from the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create iptables rules that prevent to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster and cannot be accessed externally. | |||||
| CVE-2021-41817 | 6 Debian, Fedoraproject, Opensuse and 3 more | 9 Debian Linux, Fedora, Factory and 6 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. | |||||
| CVE-2021-38911 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. | |||||
| CVE-2021-42550 | 4 Netapp, Qos, Redhat and 1 more | 6 Cloud Manager, Service Level Manager, Snap Creator Framework and 3 more | 2024-02-28 | 8.5 HIGH | 6.6 MEDIUM |
| In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | |||||
| CVE-2021-4154 | 3 Linux, Netapp, Redhat | 4 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 1 more | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. | |||||
| CVE-2021-4133 | 1 Redhat | 1 Keycloak | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | |||||
| CVE-2021-29912 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. | |||||
| CVE-2022-21682 | 4 Debian, Fedoraproject, Flatpak and 1 more | 5 Debian Linux, Fedora, Flatpak and 2 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`. | |||||
| CVE-2021-20578 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | |||||
| CVE-2021-3622 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Enterprise Linux Workstation and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-39013 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651. | |||||
| CVE-2021-45078 | 5 Debian, Fedoraproject, Gnu and 2 more | 5 Debian Linux, Fedora, Binutils and 2 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. | |||||
| CVE-2021-4104 | 4 Apache, Fedoraproject, Oracle and 1 more | 46 Log4j, Fedora, Advanced Supply Chain Planning and 43 more | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. | |||||
| CVE-2021-4145 | 2 Qemu, Redhat | 2 Qemu, Enterprise Linux | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
| A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. | |||||
| CVE-2021-3583 | 1 Redhat | 3 Ansible Automation Platform, Ansible Engine, Ansible Tower | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. | |||||
| CVE-2021-3746 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
| A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6. | |||||
| CVE-2021-3653 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | 6.1 MEDIUM | 8.8 HIGH |
| A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7. | |||||