ReportizFlow
Filtered by vendor Redhat
Subscriptions
Total
23239 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3856 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-11-21 | 4.3 Medium |
| ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. | ||||
| CVE-2021-3839 | 3 Dpdk, Fedoraproject, Redhat | 4 Data Plane Development Kit, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | ||||
| CVE-2021-3827 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-11-21 | 6.8 Medium |
| A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3826 | 3 Fedoraproject, Gnu, Redhat | 4 Fedora, Gcc, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | ||||
| CVE-2021-3814 | 1 Redhat | 2 3scale, 3scale Amp | 2024-11-21 | 7.5 High |
| It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. | ||||
| CVE-2021-3807 | 3 Ansi-regex Project, Oracle, Redhat | 10 Ansi-regex, Communications Cloud Native Core Policy, Acm and 7 more | 2024-11-21 | 7.5 High |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3805 | 3 Debian, Object-path Project, Redhat | 3 Debian Linux, Object-path, Acm | 2024-11-21 | 7.5 High |
| object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | ||||
| CVE-2021-3802 | 3 Fedoraproject, Redhat, Udisks Project | 3 Fedora, Enterprise Linux, Udisks | 2024-11-21 | 4.2 Medium |
| A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3801 | 2 Prismjs, Redhat | 2 Prism, Advanced Cluster Security | 2024-11-21 | 6.5 Medium |
| prism is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3800 | 4 Debian, Gnome, Netapp and 1 more | 4 Debian Linux, Glib, Active Iq Unified Manager and 1 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | ||||
| CVE-2021-3798 | 2 Opencryptoki Project, Redhat | 2 Opencryptoki, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | ||||
| CVE-2021-3796 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 7.3 High |
| vim is vulnerable to Use After Free | ||||
| CVE-2021-3795 | 2 Redhat, Semver-regex Project | 2 Acm, Semver-regex | 2024-11-21 | 7.5 High |
| semver-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3778 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 7.8 High |
| vim is vulnerable to Heap-based Buffer Overflow | ||||
| CVE-2021-3772 | 5 Debian, Linux, Netapp and 2 more | 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. | ||||
| CVE-2021-3765 | 2 Redhat, Validator Project | 2 Openshift Data Foundation, Validator | 2024-11-21 | 7.5 High |
| validator.js is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3764 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3763 | 1 Redhat | 1 Amq Broker | 2024-11-21 | 4.3 Medium |
| A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity. | ||||
| CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-11-21 | 9.8 Critical |
| A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | ||||
| CVE-2021-3759 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||