Filtered by vendor Redhat
Total 23064 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-27219 6 Broadcom, Debian, Fedoraproject and 3 more 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more 2024-11-21 7.5 High
An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.
CVE-2021-27218 6 Broadcom, Debian, Fedoraproject and 3 more 8 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
CVE-2021-27135 4 Debian, Fedoraproject, Invisible-island and 1 more 5 Debian Linux, Fedora, Xterm and 2 more 2024-11-21 9.8 Critical
xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVE-2021-27025 3 Fedoraproject, Puppet, Redhat 8 Fedora, Puppet, Puppet Agent and 5 more 2024-11-21 6.5 Medium
A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'.
CVE-2021-27023 3 Fedoraproject, Puppet, Redhat 7 Fedora, Puppet Agent, Puppet Enterprise and 4 more 2024-11-21 9.8 Critical
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007.
CVE-2021-26927 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2024-11-21 5.5 Medium
A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service.
CVE-2021-26926 3 Fedoraproject, Jasper Project, Redhat 3 Fedora, Jasper, Enterprise Linux 2024-11-21 7.1 High
A flaw was found in jasper before 2.0.25. An out-of-bounds read issue was found in the jp2_decode function which may lead to disclosure of information or program crash.
CVE-2021-26708 3 Linux, Netapp, Redhat 13 Linux Kernel, 500f, A250 and 10 more 2024-11-21 7.0 High
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
CVE-2021-26701 3 Fedoraproject, Microsoft, Redhat 8 Fedora, .net, .net Core and 5 more 2024-11-21 8.1 High
.NET Core Remote Code Execution Vulnerability
CVE-2021-26691 6 Apache, Debian, Fedoraproject and 3 more 10 Http Server, Debian Linux, Fedora and 7 more 2024-11-21 9.8 Critical
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted SessionHeader sent by an origin server could cause a heap overflow.
CVE-2021-26690 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible denial of service.
CVE-2021-26582 3 Hp, Microsoft, Redhat 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more 2024-11-21 6.1 Medium
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).
CVE-2021-26540 2 Apostrophecms, Redhat 2 Sanitize-html, Openshift 2024-11-21 5.3 Medium
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" option is set to true, which allows attackers to bypass the hostname whitelist for the iframe element via an src value that starts with "/\\example.com".
CVE-2021-26539 2 Apostrophecms, Redhat 2 Sanitize-html, Openshift 2024-11-21 5.3 Medium
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain names (IDN), which could allow an attacker to bypass the hostname whitelist validation set by the "allowedIframeHostnames" option.
CVE-2021-26423 2 Microsoft, Redhat 7 .net, .net Core, Powershell Core and 4 more 2024-11-21 7.5 High
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2021-26401 2 Amd, Redhat 255 A10-9600p, A10-9600p Firmware, A10-9630p and 252 more 2024-11-21 5.6 Medium
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
CVE-2021-26341 2 Amd, Redhat 255 A10-9600p, A10-9600p Firmware, A10-9630p and 252 more 2024-11-21 6.5 Medium
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
CVE-2021-26291 4 Apache, Oracle, Quarkus and 1 more 9 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 6 more 2024-11-21 9.1 Critical
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom), which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details are available in the referenced URLs. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
CVE-2021-26252 3 Fedoraproject, Htmldoc Project, Redhat 3 Fedora, Htmldoc, Enterprise Linux 2024-11-21 7.8 High
A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in pspdf_prepare_page() in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
CVE-2021-26117 5 Apache, Debian, Netapp and 2 more 10 Activemq, Activemq Artemis, Debian Linux and 7 more 2024-11-21 7.5 High
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid user's password in error, resulting in no check on the password.