Filtered by vendor Redhat
Subscriptions
Filtered by product Enterprise Linux
Subscriptions
Total
15606 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28210 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-11-21 | 7.8 High |
| An unlimited recursion in DxeCore in EDK II. | ||||
| CVE-2021-28153 | 5 Broadcom, Debian, Fedoraproject and 2 more | 5 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | ||||
| CVE-2021-28116 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 3.7 Low |
| Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | ||||
| CVE-2021-28091 | 4 Debian, Entrouvert, Fedoraproject and 1 more | 4 Debian Linux, Lasso, Fedora and 1 more | 2024-11-21 | 7.5 High |
| Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | ||||
| CVE-2021-27928 | 5 Debian, Galeracluster, Mariadb and 2 more | 8 Debian Linux, Wsrep, Mariadb and 5 more | 2024-11-21 | 7.2 High |
| A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. | ||||
| CVE-2021-27918 | 2 Golang, Redhat | 4 Go, Enterprise Linux, Openshift Container Storage and 1 more | 2024-11-21 | 7.5 High |
| encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. | ||||
| CVE-2021-27365 | 5 Debian, Linux, Netapp and 2 more | 12 Debian Linux, Linux Kernel, Solidfire Baseboard Management Controller and 9 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. | ||||
| CVE-2021-27364 | 6 Canonical, Debian, Linux and 3 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | 7.1 High |
| An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. | ||||
| CVE-2021-27363 | 4 Debian, Linux, Netapp and 1 more | 10 Debian Linux, Linux Kernel, Cloud Backup and 7 more | 2024-11-21 | 4.4 Medium |
| An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. | ||||
| CVE-2021-27358 | 3 Grafana, Netapp, Redhat | 4 Grafana, E-series Performance Analyzer, Acm and 1 more | 2024-11-21 | 7.5 High |
| The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | ||||
| CVE-2021-27291 | 4 Debian, Fedoraproject, Pygments and 1 more | 6 Debian Linux, Fedora, Pygments and 3 more | 2024-11-21 | 7.5 High |
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | ||||
| CVE-2021-27290 | 4 Oracle, Redhat, Siemens and 1 more | 6 Graalvm, Enterprise Linux, Rhel Eus and 3 more | 2024-11-21 | 7.5 High |
| ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option. | ||||
| CVE-2021-27219 | 6 Broadcom, Debian, Fedoraproject and 3 more | 15 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | ||||
| CVE-2021-27218 | 6 Broadcom, Debian, Fedoraproject and 3 more | 8 Brocade Fabric Operating System Firmware, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | ||||
| CVE-2021-27135 | 4 Debian, Fedoraproject, Invisible-island and 1 more | 5 Debian Linux, Fedora, Xterm and 2 more | 2024-11-21 | 9.8 Critical |
| xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | ||||
| CVE-2021-26927 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in jasper before 2.0.25. A null pointer dereference in jp2_decode in jp2_dec.c may lead to program crash and denial of service. | ||||
| CVE-2021-26926 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-11-21 | 7.1 High |
| A flaw was found in jasper before 2.0.25. An out of bounds read issue was found in jp2_decode function whic may lead to disclosure of information or program crash. | ||||
| CVE-2021-26708 | 3 Linux, Netapp, Redhat | 13 Linux Kernel, 500f, A250 and 10 more | 2024-11-21 | 7.0 High |
| A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support. | ||||
| CVE-2021-26701 | 3 Fedoraproject, Microsoft, Redhat | 8 Fedora, .net, .net Core and 5 more | 2024-11-21 | 8.1 High |
| .NET Core Remote Code Execution Vulnerability | ||||
| CVE-2021-26691 | 6 Apache, Debian, Fedoraproject and 3 more | 10 Http Server, Debian Linux, Fedora and 7 more | 2024-11-21 | 9.8 Critical |
| In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow | ||||