Filtered by vendor Redhat
Subscriptions
Total
23068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43546 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 4.3 Medium |
| It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43545 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43543 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.1 Medium |
| Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43542 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43541 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43539 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 8.8 High |
| Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43538 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 4.3 Medium |
| By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43537 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 8.8 High |
| An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43536 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43535 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 8.8 High |
| A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2021-43534 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | ||||
| CVE-2021-43528 | 3 Debian, Mozilla, Redhat | 5 Debian Linux, Thunderbird, Enterprise Linux and 2 more | 2024-11-21 | 6.5 Medium |
| Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | ||||
| CVE-2021-43527 | 5 Mozilla, Netapp, Oracle and 2 more | 17 Nss, Nss Esr, Cloud Backup and 14 more | 2024-11-21 | 9.8 Critical |
| NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \#7, or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1. | ||||
| CVE-2021-43519 | 3 Fedoraproject, Lua, Redhat | 4 Fedora, Lua, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | ||||
| CVE-2021-43389 | 4 Debian, Linux, Oracle and 1 more | 6 Debian Linux, Linux Kernel, Communications Cloud Native Core Binding Support Function and 3 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. | ||||
| CVE-2021-43267 | 4 Fedoraproject, Linux, Netapp and 1 more | 19 Fedora, Linux Kernel, H300e and 16 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. | ||||
| CVE-2021-43138 | 3 Async Project, Fedoraproject, Redhat | 4 Async, Fedora, Rhmt and 1 more | 2024-11-21 | 7.8 High |
| In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | ||||
| CVE-2021-43056 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. | ||||
| CVE-2021-42771 | 3 Debian, Pocoo, Redhat | 4 Debian Linux, Babel, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. | ||||
| CVE-2021-42762 | 5 Debian, Fedoraproject, Redhat and 2 more | 5 Debian Linux, Fedora, Rhel Els and 2 more | 2024-11-21 | 5.3 Medium |
| BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133. | ||||