Filtered by vendor Redhat
Subscribe
Total
5605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3595 | 4 Debian, Fedoraproject, Libslirp Project and 1 more | 4 Debian Linux, Fedora, Libslirp and 1 more | 2024-02-28 | 2.1 LOW | 3.8 LOW |
| An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. | |||||
| CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-3497 | 3 Debian, Gstreamer Project, Redhat | 3 Debian Linux, Gstreamer, Enterprise Linux | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. | |||||
| CVE-2020-1742 | 2 Nmstate, Redhat | 2 Kubernetes-nmstate, Openshift Virtualization | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
| An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected. | |||||
| CVE-2021-3637 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | |||||
| CVE-2021-20292 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. | |||||
| CVE-2021-3507 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-02-28 | 3.6 LOW | 6.1 MEDIUM |
| A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory. | |||||
| CVE-2021-1082 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7) | |||||
| CVE-2020-10729 | 2 Debian, Redhat | 3 Debian Linux, Ansible Engine, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. | |||||
| CVE-2018-25011 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |||||
| CVE-2021-3598 | 3 Debian, Openexr, Redhat | 3 Debian Linux, Openexr, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability. | |||||
| CVE-2020-14371 | 1 Redhat | 1 Satellite | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. | |||||
| CVE-2021-3531 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | |||||
| CVE-2021-3505 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-20306 | 1 Redhat | 3 Descision Manager, Jbpm, Process Automation | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-3635 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
| A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands. | |||||
| CVE-2021-3559 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25716 | 1 Redhat | 1 Cloudforms | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected | |||||
| CVE-2021-20202 | 1 Redhat | 1 Keycloak | 2024-02-28 | 4.6 MEDIUM | 7.3 HIGH |
| A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
| CVE-2021-3448 | 4 Fedoraproject, Oracle, Redhat and 1 more | 4 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Enterprise Linux and 1 more | 2024-02-28 | 4.3 MEDIUM | 4.0 MEDIUM |
| A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity. | |||||