Filtered by vendor Redhat
Subscriptions
Total
23068 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3584 | 2 Redhat, Theforeman | 4 Satellite, Satellite Capsule, Satellite Utils and 1 more | 2024-11-21 | 7.2 High |
| A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0. | ||||
| CVE-2021-3583 | 1 Redhat | 3 Ansible Automation Platform, Ansible Engine, Ansible Tower | 2024-11-21 | 7.1 High |
| A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | ||||
| CVE-2021-3573 | 3 Fedoraproject, Linux, Redhat | 4 Fedora, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 6.4 Medium |
| A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. | ||||
| CVE-2021-3572 | 3 Oracle, Pypa, Redhat | 6 Agile Plm, Communications Cloud Native Core Network Function Cloud Native Environment, Communications Cloud Native Core Policy and 3 more | 2024-11-21 | 5.7 Medium |
| A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. | ||||
| CVE-2021-3571 | 3 Fedoraproject, Linuxptp Project, Redhat | 3 Fedora, Linuxptp, Enterprise Linux | 2024-11-21 | 7.1 High |
| A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1. | ||||
| CVE-2021-3570 | 4 Debian, Fedoraproject, Linuxptp Project and 1 more | 8 Debian Linux, Fedora, Linuxptp and 5 more | 2024-11-21 | 8.8 High |
| A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1. | ||||
| CVE-2021-3569 | 2 Libtpms Project, Redhat | 2 Libtpms, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3565 | 3 Fedoraproject, Redhat, Tpm2-tools Project | 3 Fedora, Enterprise Linux, Tpm2-tools | 2024-11-21 | 5.9 Medium |
| A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3564 | 4 Debian, Fedoraproject, Linux and 1 more | 5 Debian Linux, Fedora, Linux Kernel and 2 more | 2024-11-21 | 5.5 Medium |
| A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. | ||||
| CVE-2021-3559 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2024-11-21 | 6.5 Medium |
| A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It only affects hosts with a PCI device and driver that supports mediated devices (e.g., GRID driver). This flaw could be used by an unprivileged client with a read-only connection to crash the libvirt daemon by executing the 'nodedev-list' virsh command. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3557 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 6.5 Medium |
| A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and with the created ServiceAccount argocd-argocd-server, the unprivileged user is able to read all resources of the cluster including all secrets which might enable privilege escalations. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-3551 | 4 Dogtagpki, Fedoraproject, Oracle and 1 more | 12 Dogtagpki, Fedora, Linux and 9 more | 2024-11-21 | 7.8 High |
| A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2021-3543 | 3 Fedoraproject, Nitro Enclaves Project, Redhat | 3 Fedora, Nitro Enclaves, Enterprise Linux | 2024-11-21 | 6.7 Medium |
| A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. | ||||
| CVE-2021-3541 | 4 Netapp, Oracle, Redhat and 1 more | 29 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 26 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||||
| CVE-2021-3537 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Active Iq Unified Manager and 18 more | 2024-11-21 | 5.9 Medium |
| A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3536 | 1 Redhat | 12 Build Of Quarkus, Data Grid, Descision Manager and 9 more | 2024-11-21 | 4.8 Medium |
| A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. | ||||
| CVE-2021-3531 | 2 Fedoraproject, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | 5.3 Medium |
| A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET Request for a swift URL that ends with two slashes it can cause the rgw to crash, resulting in a denial of service. The greatest threat to the system is of availability. | ||||
| CVE-2021-3529 | 1 Redhat | 3 Noobaa-operator, Openshift Container Platform, Openshift Container Storage | 2024-11-21 | 7.1 High |
| A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | ||||
| CVE-2021-3528 | 1 Redhat | 2 Noobaa-operator, Openshift Container Storage | 2024-11-21 | 8.8 High |
| A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the log files could use this AuthToken to gain additional access into noobaa deployment and can read/modify system configuration. | ||||