Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15491 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-20199 | 2 Podman Project, Redhat | 2 Podman, Enterprise Linux | 2024-11-21 | 5.9 Medium |
| Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards. | ||||
| CVE-2021-20197 | 4 Broadcom, Gnu, Netapp and 1 more | 6 Brocade Fabric Operating System Firmware, Binutils, Cloud Backup and 3 more | 2024-11-21 | 6.3 Medium |
| There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | ||||
| CVE-2021-20196 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.5 Medium |
| A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs while processing read/write ioport commands if the selected floppy drive is not initialized with a block device. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2024-11-21 | 7.8 High |
| There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | ||||
| CVE-2021-20188 | 2 Podman Project, Redhat | 5 Podman, Enterprise Linux, Openshift Container Platform and 2 more | 2024-11-21 | 7.0 High |
| A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-20179 | 3 Dogtagpki, Fedoraproject, Redhat | 5 Dogtagpki, Fedora, Certificate System and 2 more | 2024-11-21 | 8.1 High |
| A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-1998 | 4 Fedoraproject, Netapp, Oracle and 1 more | 10 Fedora, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 3.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L). | ||||
| CVE-2021-1844 | 4 Apple, Debian, Fedoraproject and 1 more | 10 Ipados, Iphone Os, Macos and 7 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1826 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. | ||||
| CVE-2021-1825 | 2 Apple, Redhat | 10 Icloud, Ipados, Iphone Os and 7 more | 2024-11-21 | 6.1 Medium |
| An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | ||||
| CVE-2021-1820 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.5 Medium |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may result in the disclosure of process memory. | ||||
| CVE-2021-1817 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1801 | 4 Apple, Fedoraproject, Redhat and 1 more | 9 Ipad Os, Iphone Os, Macos and 6 more | 2024-11-21 | 6.5 Medium |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. | ||||
| CVE-2021-1799 | 4 Apple, Fedoraproject, Redhat and 1 more | 10 Ipad Os, Iphone Os, Macos and 7 more | 2024-11-21 | 6.5 Medium |
| A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers. | ||||
| CVE-2021-1788 | 4 Apple, Debian, Fedoraproject and 1 more | 11 Ipados, Iphone Os, Mac Os X and 8 more | 2024-11-21 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2021-1765 | 4 Apple, Fedoraproject, Redhat and 1 more | 6 Mac Os X, Macos, Fedora and 3 more | 2024-11-21 | 6.5 Medium |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. | ||||
| CVE-2021-1723 | 3 Fedoraproject, Microsoft, Redhat | 5 Fedora, Asp.net Core, Visual Studio 2019 and 2 more | 2024-11-21 | 7.5 High |
| ASP.NET Core and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2021-1721 | 2 Microsoft, Redhat | 7 .net, .net Core, Powershell Core and 4 more | 2024-11-21 | 6.5 Medium |
| .NET Core and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2021-0941 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2024-11-21 | 6.7 Medium |
| In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel | ||||
| CVE-2021-0605 | 2 Google, Redhat | 2 Android, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476 | ||||