redhat/enterprise_linux: The latest CVE Vulnerabilities and Exploits for Penetration Testing
redhat/enterprise_linux Vulnerability Summary
- Vendor name: redhat
- Product name: enterprise_linux
- Total vulnerabilities: 2390 (as of 2023-05-04)
redhat/enterprise_linux Vulnerability List
CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in…
Published: 2022-02-04T23:15:00 Last Modified: 2022-02-09T20:00:00
Summary
A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local attacker with user privileges could use this flaw to affect system confidentiality. This flaw affects kernel versions prior to 5.14 rc1.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2022-0487 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2044561
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux…
Published: 2022-02-04T23:15:00 Last Modified: 2022-02-10T02:31:00
Summary
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with user privileges could use the fsconfig syscall parameter to escalate privileges, leading to a container breakout and a denial of service on the system.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-4154 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
CVE-2021-4034: A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec…
Published: 2022-01-28T20:15:00 Last Modified: 2022-01-31T17:50:00
Summary
A local privilege escalation vulnerability was found in polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack causes a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
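The mechanism behind this entry is the argc == 0 case: on Linux, execve() lays argv[] and envp[] out back to back, so a program started with an empty argument vector reads envp[0] where it expects argv[1], and writing a resolved path back to argv[1] lands in the environment. The following C model, added here and not polkit’s code nor the Qualys exploit, reproduces that out-of-bounds read and write beside a hardened variant that refuses argc < 1 (the check the upstream fix adds). build_layout, resolve_in_path and the scenario functions are illustrative names; resolve_in_path stands in for the PATH search pkexec performs through GLib, and the argv/envp arrays are constructed input. Nothing is executed.

```c
#include <stdio.h>
#include <string.h>

/*
 * Model of the argument handling described above (added example, not polkit
 * code). On Linux, execve() places argv[] and envp[] back to back:
 *   argv[0] .. argv[argc-1], NULL, envp[0] .. envp[envc-1], NULL
 * so a program started with argc == 0 sees envp[0] at argv[1].
 */
#define SLOTS 16
static char *layout[SLOTS];      /* constructed stand-in for that stack region */
static char resolved[256];       /* buffer for the hypothetical PATH lookup result */

/* Build the contiguous argv/envp layout from separate arrays (constructed input). */
char **build_layout(int argc, char *const *argv, int envc, char *const *envp) {
    int i = 0;
    for (int a = 0; a < argc; a++) layout[i++] = argv[a];
    layout[i++] = NULL;                          /* argv terminator */
    for (int e = 0; e < envc; e++) layout[i++] = envp[e];
    layout[i++] = NULL;                          /* envp terminator */
    return layout;                               /* argv; envp is layout + argc + 1 */
}

/* Hypothetical PATH lookup: any bare name resolves to /usr/bin/<name>. */
static const char *resolve_in_path(const char *name) {
    snprintf(resolved, sizeof resolved, "/usr/bin/%s", name);
    return resolved;
}

/* Buggy pattern. The loop starts at n = 1 and the "n == argc" usage check does
 * not fire for argc == 0, so argv[1] (really envp[0]) is read out of bounds and
 * the resolved path is written back over envp[0]: CWE-787. */
char *vulnerable_pick_program(int argc, char **argv) {
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-') break;            /* skip options, stop at the program */
    if (n == argc) return NULL;                  /* usage path; 1 != 0 when argc == 0 */
    char *path = argv[n];                        /* OOB read when argc == 0 */
    if (path == NULL) return NULL;
    if (path[0] != '/')
        argv[n] = (char *)resolve_in_path(path); /* OOB write when argc == 0 */
    return argv[n];
}

/* Hardened pattern: refuse an empty argument vector before indexing it
 * (the upstream fix adds this check at the start of main). */
char *hardened_pick_program(int argc, char **argv) {
    if (argc < 1) return NULL;
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-') break;
    if (n == argc) return NULL;
    if (argv[n][0] != '/')
        argv[n] = (char *)resolve_in_path(argv[n]);
    return argv[n];
}

/* Scenario: normal invocation; both variants resolve the program name. */
int scenario_normal(char *(*pick)(int, char **)) {
    char *args[] = { "pkexec", "--disable-internal-agent", "id" };
    char *env[]  = { "LANG=C" };
    char **argv  = build_layout(3, args, 1, env);
    char *picked = pick(3, argv);
    return picked != NULL && strcmp(picked, "/usr/bin/id") == 0;
}

/* Scenario: argc == 0 with an attacker-chosen envp[0]. Returns 1 when envp[0]
 * was rewritten to a resolved path, i.e. the out-of-bounds write happened. */
int scenario_argc_zero_rewrites_env(char *(*pick)(int, char **)) {
    char *env[]  = { "pwnkit", "PATH=/tmp" };    /* envp[0] is a bare name, not K=V */
    char **argv  = build_layout(0, NULL, 2, env);
    char **envp  = argv + 1;                     /* envp begins right after the NULL */
    pick(0, argv);
    return strcmp(envp[0], "/usr/bin/pwnkit") == 0;
}

int main(void) {
    printf("normal, vulnerable: %d\n", scenario_normal(vulnerable_pick_program));
    printf("normal, hardened:   %d\n", scenario_normal(hardened_pick_program));
    printf("argc=0 rewrites envp[0], vulnerable: %d\n",
           scenario_argc_zero_rewrites_env(vulnerable_pick_program));
    printf("argc=0 rewrites envp[0], hardened:   %d\n",
           scenario_argc_zero_rewrites_env(hardened_pick_program));
    return 0;
}
```

The model deliberately keeps the existing "n == argc" usage check to show why it does not help: with argc == 0 the loop leaves n at 1, so the check compares 1 against 0 and falls through to the out-of-bounds access. In the real program the rewritten environment entry is what later gets interpreted as a variable, which is the path the summary describes.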
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Exploits Database (Total Exploits Count: 1)
Code designed for conducting penetration testing on the CVE-2021-4034 vulnerability.
References
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
CVE-2021-4145: A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to…
Published: 2022-01-25T20:15:00 Last Modified: 2022-02-01T15:03:00
Summary
A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The self pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it’s not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when written data reaches the threshold of the mirroring node.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-4145 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034602
- https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd
CVE-2021-45417: AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such…
Published: 2022-01-20T18:15:00 Last Modified: 2022-01-26T19:49:00
Summary
AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-45417 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2022/01/20/3
- http://www.openwall.com/lists/oss-security/2022/01/20/3
- https://www.debian.org/security/2022/dsa-5051
- https://lists.debian.org/debian-lts-announce/2022/01/msg00024.html
- https://www.ipi.fi/pipermail/aide/2022-January/001713.html
CVE-2022-21682: Flatpak is a Linux application sandboxing and distribution framework. A path traversal…
Published: 2022-01-13T21:15:00 Last Modified: 2022-02-10T07:52:00
Summary
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the manifest, so running flatpak build against it will gain those permissions. Normally this will not be done, so this is not a problem. However, if --mirror-screenshots-url is specified, then flatpak-builder will launch flatpak build --nofilesystem=host appstream-utils mirror-screenshots after finalization, which can lead to issues even with the --nofilesystem=host protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the appstream-util binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of --nofilesystem=home and --nofilesystem=host.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2022-21682 vulnerability.
References
- https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
- https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
- https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
- https://www.debian.org/security/2022/dsa-5049
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXKBERLJRYV7KXKGXOLI6IOXVBQNN4DP/
CVE-2021-43860: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3…
Published: 2022-01-12T22:15:00 Last Modified: 2022-02-10T15:03:00
Summary
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn’t properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there’s a null byte in the metadata file of an app. Therefore apps can grant themselves permissions without the consent of the user. Flatpak shows permissions to the user during install by reading them from the “xa.metadata” key in the commit metadata. This cannot contain a null terminator, because it is an untrusted GVariant. Flatpak compares these permissions to the actual metadata, from the “metadata” file to ensure it wasn’t lied to. However, the actual metadata contents are loaded in several places where they are read as simple C-style strings. That means that, if the metadata file includes a null terminator, only the content of the file from before the terminator gets compared to xa.metadata. Thus, any permissions that appear in the metadata file after a null terminator are applied at runtime but not shown to the user. So maliciously crafted apps can give themselves hidden permissions. Users who have Flatpaks installed from untrusted sources are at risk in case the Flatpak has a maliciously crafted metadata file, either initially or in an update. This issue is patched in versions 1.12.3 and 1.10.6. As a workaround, users can manually check the permissions of installed apps by checking the metadata file or the xa.metadata key on the commit metadata.
Common Weakness Enumeration (CWE): CWE-276: Incorrect Default Permissions
CWE Description: During installation, installed file permissions are set to allow anyone to modify those files.
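The failure the summary describes is a length-versus-terminator mismatch: the displayed permissions come from a GVariant that cannot hold a NUL byte, while the metadata file is arbitrary bytes that several code paths read as a C string. The C model below, added here and not Flatpak’s code, shows a strcmp-style comparison accepting a crafted file whose extra [Context] section sits behind a NUL, beside a length-aware comparison that rejects it and a helper that exposes the hidden tail. The function names and the sample metadata are constructed for the illustration; whether the upstream patches use exactly this check is not something this page states.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/*
 * Model of the comparison described above (added example, not Flatpak code).
 * `shown` stands for the permissions the installer displayed, taken from the
 * xa.metadata commit key, which cannot contain a NUL byte. `file` stands for
 * the app's metadata file, which is arbitrary bytes and must be handled by length.
 */

/* Buggy comparison: the file is treated as a C string, so everything after the
 * first NUL is invisible to the check but still present for the runtime. */
int metadata_matches_vulnerable(const char *shown, const char *file) {
    return strcmp(shown, file) == 0;
}

/* Hardened comparison: use the real length and reject embedded NUL bytes. */
int metadata_matches_hardened(const char *shown, const char *file, size_t file_len) {
    if (memchr(file, '\0', file_len) != NULL) return 0;   /* NUL inside: refuse */
    size_t shown_len = strlen(shown);
    return shown_len == file_len && memcmp(shown, file, file_len) == 0;
}

/* Point at the bytes hidden after the first NUL (what a second, length-aware
 * parse of the file would still see); NULL when there are none. */
const char *hidden_tail(const char *file, size_t file_len, size_t *tail_len) {
    const char *nul = memchr(file, '\0', file_len);
    if (nul == NULL) { *tail_len = 0; return NULL; }
    *tail_len = file_len - (size_t)(nul - file) - 1;
    return nul + 1;
}

/* Constructed sample: the displayed text and a crafted file that smuggles an
 * extra [Context] section behind a NUL. */
static const char shown_text[]   = "[Context]\nsockets=x11;\n";
static const char crafted_file[] =
    "[Context]\nsockets=x11;\n" "\0" "[Context]\nfilesystems=host;\n";
#define CRAFTED_LEN (sizeof crafted_file - 1)   /* real length, embedded NUL included */

/* Returns 1 when the crafted file passes the buggy check, fails the hardened
 * one, and the hidden tail is exactly the smuggled section. */
int crafted_file_hides_grant(void) {
    size_t n;
    const char *tail = hidden_tail(crafted_file, CRAFTED_LEN, &n);
    const char *smuggled = "[Context]\nfilesystems=host;\n";
    return metadata_matches_vulnerable(shown_text, crafted_file) == 1
        && metadata_matches_hardened(shown_text, crafted_file, CRAFTED_LEN) == 0
        && tail != NULL && n == strlen(smuggled) && memcmp(tail, smuggled, n) == 0;
}

int main(void) {
    size_t n;
    const char *tail = hidden_tail(crafted_file, CRAFTED_LEN, &n);
    printf("buggy check accepts crafted file: %d\n",
           metadata_matches_vulnerable(shown_text, crafted_file));
    printf("hardened check accepts crafted file: %d\n",
           metadata_matches_hardened(shown_text, crafted_file, CRAFTED_LEN));
    printf("hidden bytes after NUL: %zu\n", n);
    if (tail != NULL) fwrite(tail, 1, n, stdout);
    return 0;
}
```

The same pattern applies to the manual workaround in the summary: when comparing the metadata file against the xa.metadata key, read the file by length and treat any embedded NUL as a mismatch rather than as end of data.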
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-43860 vulnerability.
References
- https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee
- https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042
- https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451
- https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e
- https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
- https://github.com/flatpak/flatpak/commit/54ec1a482dfc668127eaae57f135e6a8e0bc52da
- https://github.com/flatpak/flatpak/releases/tag/1.12.3
- https://github.com/flatpak/flatpak/releases/tag/1.10.6
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APFTBYGJJVJPFVHRXUW5PII5XOAFI4KH/
- https://www.debian.org/security/2022/dsa-5049
CVE-2021-41819: CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also…
Published: 2022-01-01T06:15:00 Last Modified: 2022-02-11T15:32:00
Summary
CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby.
Common Weakness Enumeration (CWE): CWE-565: Reliance on Cookies without Validation and Integrity Checking
CWE Description: The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-41819 vulnerability.
References
- https://hackerone.com/reports/910552
- https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/
- https://security.netapp.com/advisory/ntap-20220121-0003/
CVE-2021-41817: Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of…
Published: 2022-01-01T05:15:00 Last Modified: 2022-01-11T21:31:00
Summary
Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-41817 vulnerability.
References
- https://hackerone.com/reports/1254844
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
CVE-2021-4166: vim is vulnerable to Out-of-bounds Read
Published: 2021-12-25T19:15:00 Last Modified: 2022-02-04T15:45:00
Summary
vim is vulnerable to Out-of-bounds Read
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4166 vulnerability.
References
- https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035
- https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EY2VFBU3YGGWI5BW4XKT3F37MYGEQUD/
- http://www.openwall.com/lists/oss-security/2022/01/15/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3FH2J57GDA2WMBS6J56F6QQRA6BXQQFZ/
CVE-2021-3621: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via…
Published: 2021-12-23T21:15:00 Last Modified: 2022-01-07T16:18:00
Summary
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
CWE Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Scores
- Impact Score: 10.0
- Exploitability Score: 8.6
- CVSS: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3621 vulnerability.
References
CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted…
Published: 2021-12-23T21:15:00 Last Modified: 2022-01-10T13:37:00
Summary
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3622 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1975489
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S35TVTAPHORSUIFYNFBHKLQRPVFUPXBE/
- https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255
- https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html
CVE-2021-4024: A flaw was found in podman. The podman machine function (used to create and manage Podman…
Published: 2021-12-23T20:15:00 Last Modified: 2022-02-08T03:15:00
Summary
A flaw was found in podman. The podman machine function (used to create and manage a Podman virtual machine containing a Podman process) spawns a gvproxy process on the host system. The gvproxy API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host’s firewall, an attacker can potentially use the gvproxy API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host’s services by forwarding all ports to the VM.
Common Weakness Enumeration (CWE): CWE-346: Origin Validation Error
CWE Description: The software does not properly verify that the source of data or communication is valid.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4024 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2026675
- https://github.com/containers/podman/releases/tag/v3.4.3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3/
CVE-2021-45463: load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command…
Published: 2021-12-23T06:15:00 Last Modified: 2022-02-07T19:13:00
Summary
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-45463 vulnerability.
References
- https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b
- https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc
- https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868
- https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/
- https://gitlab.gnome.org/GNOME/gegl/-/issues/298
CVE-2021-44733: A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through…
Published: 2021-12-22T17:15:00 Last Modified: 2022-01-14T07:15:00
Summary
A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-44733 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c
- https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/
- https://github.com/pjlantz/optee-qemu/blob/main/README.md
- https://security.netapp.com/advisory/ntap-20220114-0003/
CVE-2021-45078: stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a…
Published: 2021-12-15T20:15:00 Last Modified: 2022-01-10T14:10:00
Summary
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-45078 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=28694
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQBH244M5PV6S6UMHUTCVCWFZDX7Y4M6/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UUHLDDT3HH7YEY6TX7IJRGPJUTNNVEL3/
- https://security.netapp.com/advisory/ntap-20220107-0002/
CVE-2021-4104: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has…
Published: 2021-12-14T12:15:00 Last Modified: 2022-02-07T16:16:00
Summary
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
Common Weakness Enumeration (CWE): CWE-502: Deserialization of Untrusted Data
CWE Description: The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4104 vulnerability.
References
- https://access.redhat.com/security/cve/CVE-2021-4104
- https://www.cve.org/CVERecord?id=CVE-2021-44228
- https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126
- https://www.kb.cert.org/vuls/id/930724
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033
- https://security.netapp.com/advisory/ntap-20211223-0007/
- http://www.openwall.com/lists/oss-security/2022/01/18/3
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-4048: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in…
Published: 2021-12-08T22:15:00 Last Modified: 2022-01-04T16:09:00
Summary
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-4048 vulnerability.
References
- https://github.com/JuliaLang/julia/issues/42415
- https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41
- https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c
- https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7
- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
- https://github.com/Reference-LAPACK/lapack/pull/625
- https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/
CVE-2021-3802: A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image…
Published: 2021-11-29T16:15:00 Last Modified: 2021-12-01T15:44:00
Summary
A vulnerability was found in udisks2. This flaw allows an attacker to supply a specially crafted image file or USB device, leading to a kernel panic. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.9
- Exploitability Score: 6.8
- CVSS: 6.3
- CVSS Vector: AV:N/AC:M/Au:S/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3802 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2003649
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
CVE-2021-3672: A flaw was found in c-ares library, where a missing input validation check of host names returned…
Published: 2021-11-23T19:15:00 Last Modified: 2021-12-14T18:29:00
Summary
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name System) servers can lead to output of wrong hostnames, which might potentially lead to domain hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3672 vulnerability.
References
CVE-2021-3935: When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can…
Published: 2021-11-22T16:15:00 Last Modified: 2022-02-14T15:15:00
Summary
When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
Common Weakness Enumeration (CWE): CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE Description: The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3935 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2021251
- http://www.pgbouncer.org/changelog.html#pgbouncer-116x
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNPCV3KRDI5PLLLKADFVIOHACQJLZMLI/
- https://lists.debian.org/debian-lts-announce/2022/02/msg00016.html
CVE-2021-43389: An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds…
Published: 2021-11-04T19:15:00 Last Modified: 2021-12-17T01:15:00
Summary
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-43389 vulnerability.
References
- https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/
- https://seclists.org/oss-sec/2021/q4/39
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
- https://bugzilla.redhat.com/show_bug.cgi?id=2013180
- http://www.openwall.com/lists/oss-security/2021/11/05/1
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3746: A flaw was found in the libtpms code that may cause access beyond the boundary of internal…
Published: 2021-10-19T15:15:00 Last Modified: 2021-10-22T20:28:00
Summary
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2’s volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3746 vulnerability.
References
CVE-2021-32672: Redis is an open source, in-memory database that persists on disk. When using the Redis Lua…
Published: 2021-10-04T18:15:00 Last Modified: 2021-11-28T23:16:00
Summary
Redis is an open source, in-memory database that persists on disk. When using the Redis Lua Debugger, users can send malformed requests that cause the debugger’s protocol parser to read data beyond the actual buffer. This issue affects all versions of Redis with Lua debugging support (3.2 or newer). The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-32672 vulnerability.
References
- https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
- https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae1dd
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL5KXFN3ATM7IIM7Q4O4PWTSRGZ5744Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HTYQ5ZF37HNGTZWVNJD3VXP7I6MEEF42/
- https://security.netapp.com/advisory/ntap-20211104-0003/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WR5WKJWXD4D6S3DJCZ56V74ESLTDQRAB/
- https://www.debian.org/security/2021/dsa-5001
CVE-2021-3653: A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs…
Published: 2021-09-29T20:15:00 Last Modified: 2022-01-06T20:15:00
Summary
A flaw was found in the KVM’s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “int_ctl” field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3653 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/08/16/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1983686
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1.html
CVE-2021-39251: A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G <…
Published: 2021-09-07T15:15:00 Last Modified: 2021-11-29T21:29:00
Summary
A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-39251 vulnerability.
References
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://bugzilla.redhat.com/show_bug.cgi?id=2001649
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://github.com/tuxera/ntfs-3g/releases
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://www.debian.org/security/2021/dsa-4971
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
CVE-2021-33285: In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the…
Published: 2021-09-07T14:15:00 Last Modified: 2021-11-29T21:36:00
Summary
In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur, allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bounds buffer access which can be triggered by mounting a crafted ntfs partition. The root cause is a missing consistency check after reading an MFT record: the “bytes_in_use” field should be less than the “bytes_allocated” field. When it is not, the parsing of the records proceeds into the wild.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-33285 vulnerability.
References
- https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
- https://bugzilla.redhat.com/show_bug.cgi?id=2001608
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988386
- https://www.openwall.com/lists/oss-security/2021/08/30/1
- http://www.openwall.com/lists/oss-security/2021/08/30/1
- https://www.debian.org/security/2021/dsa-4971
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/766ISTT3KCARKFUIQT7N6WV6T63XOKG3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSEKTKHO5HFZHWZNJNBJZA56472KRUZI/
- https://lists.debian.org/debian-lts-announce/2021/11/msg00013.html
CVE-2021-3634: A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two…
Published: 2021-08-31T17:15:00 Last Modified: 2022-02-07T16:16:00
Summary
A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, the previous session_id is kept and used as an input to the new secret_hash. Historically, both of these buffers shared a length variable, which worked as long as these buffers were the same. But the key re-exchange operation can also change the key exchange method, which can be based on a hash of a different size, eventually creating a “secret_hash” of a different size than the session_id. This becomes an issue when the session_id memory is zeroed or when it is used again during a second key re-exchange.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3634 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1978810
- https://www.debian.org/security/2021/dsa-4965
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVWAAB2XMKEUMPMDALINKAA4U2QM4LNG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKYD3ZRAMDAQX3ZW6THHUF3GXN7FF6B4/
- https://security.netapp.com/advisory/ntap-20211004-0003/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DRK67AJCWYYVAGF5SGAHNZXCX3PN3ZFP/
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-40153: squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory…
Published: 2021-08-27T15:15:00 Last Modified: 2021-10-07T17:48:00
Summary
squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.
Common Weakness Enumeration (CWE): CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE Description: The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-40153 vulnerability.
References
- https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
- https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
- https://github.com/plougher/squashfs-tools/issues/72
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
- https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
- https://www.debian.org/security/2021/dsa-4967
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/
CVE-2021-3605: There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker…
Published: 2021-08-25T19:15:00 Last Modified: 2021-09-01T02:04:00
Summary
There’s a flaw in OpenEXR’s rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3605 vulnerability.
References
CVE-2021-3573: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found…
Published: 2021-08-13T14:15:00 Last Modified: 2021-08-24T19:21:00
Summary
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition, between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3573 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- https://www.openwall.com/lists/oss-security/2021/06/08/2
CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A…
Published: 2021-08-13T14:15:00 Last Modified: 2021-08-23T20:33:00
Summary
A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3635 vulnerability.
References
CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can…
Published: 2021-08-12T15:15:00 Last Modified: 2021-12-02T20:40:00
Summary
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20314 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1993070
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/
CVE-2021-38160: ** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data…
Published: 2021-08-07T04:15:00 Last Modified: 2022-01-01T17:58:00
Summary
** DISPUTED ** In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-38160 vulnerability.
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46
- https://access.redhat.com/security/cve/cve-2021-38160
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3580: A flaw was found in the way nettle’s RSA decryption functions handled specially crafted…
Published: 2021-08-05T21:15:00 Last Modified: 2021-11-26T21:06:00
Summary
A flaw was found in the way nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3580 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1967983
- https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20211104-0006/
CVE-2021-3655: A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size…
Published: 2021-08-05T21:15:00 Last Modified: 2022-01-01T17:58:00
Summary
A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
Common Weakness Enumeration (CWE): CWE-909: Missing Initialization of Resource
CWE Description: The software does not initialize a critical resource.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3655 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1984024
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3682: A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2….
Published: 2021-08-05T20:15:00 Last Modified: 2021-10-18T12:20:00
Summary
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host.
Common Weakness Enumeration (CWE): CWE-763: Release of Invalid Pointer or Reference
CWE Description: The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
Scores
- Impact Score: 6.4
- Exploitability Score: 6.8
- CVSS: 6.0
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3682 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1989651
- https://security.netapp.com/advisory/ntap-20210902-0006/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://www.debian.org/security/2021/dsa-4980
CVE-2021-3679: A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to…
Published: 2021-08-05T20:15:00 Last Modified: 2022-01-01T17:58:00
Summary
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users (with the CAP_SYS_ADMIN capability) could use this flaw to starve the resources, causing denial of service.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3679 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a
- https://bugzilla.redhat.com/show_bug.cgi?id=1989165
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3570: A flaw was found in the ptp4l program of the linuxptp package. A missing length check when…
Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:42:00
Summary
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 8.0
- CVSS: 8.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3570 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966240
- https://www.debian.org/security/2021/dsa-4938
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/
- https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html
CVE-2021-3571: A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a…
Published: 2021-07-09T11:15:00 Last Modified: 2021-09-14T14:43:00
Summary
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3571 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966241
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/
CVE-2021-3612: An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in…
Published: 2021-07-09T11:15:00 Last Modified: 2021-12-17T01:15:00
Summary
An out-of-bounds memory write flaw was found in the Linux kernel’s joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3612 vulnerability.
References
- https://lore.kernel.org/linux-input/20210620120030.1513655-1-avlarkin82@gmail.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=1974079
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YKGI562LFV5MESTMVTCG5RORSBT6NGBN/
- https://security.netapp.com/advisory/ntap-20210805-0005/
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
CVE-2021-3598: There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An…
Published: 2021-07-06T15:15:00 Last Modified: 2021-07-09T15:45:00
Summary
There’s a flaw in OpenEXR’s ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3598 vulnerability.
References
CVE-2021-3592: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘bootp_t’ structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3592 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970484
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
- https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html
CVE-2021-3593: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-20T13:52:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3593 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970487
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
CVE-2021-3594: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T18:04:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘udphdr’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3594 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970491
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
CVE-2021-3595: An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU….
Published: 2021-06-15T21:15:00 Last Modified: 2021-09-21T17:01:00
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a UDP packet that is smaller than the size of the ‘tftp_t’ structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Common Weakness Enumeration (CWE): CWE-824: Access of Uninitialized Pointer
CWE Description: The program accesses or uses a pointer that has not been initialized.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3595 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1970489
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/
- https://security.gentoo.org/glsa/202107-44
- https://security.netapp.com/advisory/ntap-20210805-0004/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
CVE-2021-0129: Improper access control in BlueZ may allow an authenticated user to potentially enable…
Published: 2021-06-09T20:15:00 Last Modified: 2021-11-29T17:59:00
Summary
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2021-0129 vulnerability.
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html
- https://security.netapp.com/advisory/ntap-20210716-0002/
- https://www.debian.org/security/2021/dsa-4951
CVE-2021-3532: A flaw was found in Ansible where the secret information present in async_files are getting…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-21T16:54:00
Summary
A flaw was found in Ansible where secret information present in async_files is disclosed when the user changes the jobdir to a world-readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3532 vulnerability.
References
CVE-2021-3533: A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a…
Published: 2021-06-09T12:15:00 Last Modified: 2021-06-17T17:21:00
Summary
A flaw was found in Ansible if an Ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world-writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Common Weakness Enumeration (CWE): CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CWE Description: The software checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.
Scores
- Impact Score: 2.9
- Exploitability Score: 1.9
- CVSS: 1.2
- CVSS Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3533 vulnerability.
References
CVE-2021-3565: A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a…
Published: 2021-06-04T12:15:00 Last Modified: 2021-12-02T13:55:00
Summary
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3565 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1964427
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESY6HRYUKR5ZG2K5QAJQC5S6HMKZMFK7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XK5M7I66PBXSN663TSLAZ3V6TWWFCV7C/
CVE-2021-3569: A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while…
Published: 2021-06-03T12:15:00 Last Modified: 2021-06-14T17:36:00
Summary
A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3569 vulnerability.
References
CVE-2020-10742: A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to…
Published: 2021-06-02T11:15:00 Last Modified: 2021-06-11T12:25:00
Summary
A flaw was found in the Linux kernel. An index buffer overflow during a Direct IO write causes the NFS client to crash. In some cases, an out-of-bounds index access after a memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-10742 vulnerability.
References
CVE-2021-32027: A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17…
Published: 2021-06-01T14:15:00 Last Modified: 2021-09-14T17:38:00
Summary
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.0
- CVSS: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-32027 vulnerability.
References
- https://www.postgresql.org/support/security/CVE-2021-32027/
- https://bugzilla.redhat.com/show_bug.cgi?id=1956876
- https://security.netapp.com/advisory/ntap-20210713-0004/
CVE-2021-3516: There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit…
Published: 2021-06-01T14:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There’s a flaw in libxml2’s xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3516 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1954225
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/230
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.gentoo.org/glsa/202107-05
- https://security.netapp.com/advisory/ntap-20210716-0005/
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-3543: A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that…
Published: 2021-06-01T14:15:00 Last Modified: 2021-06-11T19:14:00
Summary
A NULL pointer dereference flaw was found in the Nitro Enclaves kernel driver in the way that enclave VMs force closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3543 vulnerability.
References
- https://lore.kernel.org/lkml/20210429165941.27020-1-andraprs@amazon.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=1953022
CVE-2021-20201: A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-04T15:34:00
Summary
A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20201 vulnerability.
References
- https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
- https://bugzilla.redhat.com/show_bug.cgi?id=1921846
CVE-2021-20236: A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:35:00
Summary
A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20236 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1921976
- https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8
CVE-2021-20239: A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-02T15:28:00
Summary
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-822: Untrusted Pointer Dereference
CWE Description: The program obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20239 vulnerability.
References
CVE-2021-20292: There is a flaw reported in the Linux kernel in versions before 5.9 in…
Published: 2021-05-28T11:15:00 Last Modified: 2021-06-23T02:15:00
Summary
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. The issue results from failing to validate the existence of an object prior to performing operations on it. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20292 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939686
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CVE-2020-25710: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a…
Published: 2021-05-28T11:15:00 Last Modified: 2021-09-14T17:38:00
Summary
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25710 vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2020/12/msg00008.html
- https://git.openldap.org/openldap/openldap/-/commit/ab3915154e69920d480205b4bf5ccb2b391a0a1f#a2feb6ed0257c21c6672793ee2f94eaadc10c72c
- https://www.debian.org/security/2020/dsa-4792
- https://bugzilla.redhat.com/show_bug.cgi?id=1899678
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210716-0003/
CVE-2020-14301: An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-29T10:15:00
Summary
An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows an attacker to access potentially sensitive information in the domain configuration via the dumpxml command.
Common Weakness Enumeration (CWE): CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CWE Description: The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-14301 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1848640
- https://security.netapp.com/advisory/ntap-20210629-0007/
CVE-2020-1702: A malicious container image can consume an unbounded amount of memory when being pulled to a…
Published: 2021-05-27T20:15:00 Last Modified: 2021-06-10T15:16:00
Summary
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-1702 vulnerability.
References
CVE-2021-30501: An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow…
Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T01:59:00
Summary
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flaw allows attackers to cause a denial of service (abort) via a crafted file.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30501 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1948696
- https://github.com/upx/upx/issues/486
- https://github.com/upx/upx/pull/487
- https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
CVE-2021-30500: Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version…
Published: 2021-05-27T00:15:00 Last Modified: 2021-06-08T02:05:00
Summary
A NULL pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. This allows attackers to execute arbitrary code and cause a denial of service via a crafted file.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30500 vulnerability.
References
- https://github.com/upx/upx/issues/485
- https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
- https://bugzilla.redhat.com/show_bug.cgi?id=1948692
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30471: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T15:04:00
Summary
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.
Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion
CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30471 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30469: A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T16:29:00
Summary
A flaw was found in PoDoFo 0.9.7. A use-after-free in the PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30469 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-30470: A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(),…
Published: 2021-05-26T22:15:00 Last Modified: 2021-06-08T02:07:00
Summary
A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.
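The two PoDoFo entries above (CVE-2021-30471 and CVE-2021-30470) describe the same failure mode: a recursive-descent reader follows nested structures in a crafted file with no limit on depth, so the file decides how many stack frames are consumed. The following is an added example of the missing guard, written for this page in C; it is not PoDoFo's code. It reads a minimal bracketed-array syntax; the 256-level limit (DEFAULT_MAX_NESTING), the function names and the hostile input are assumptions constructed for the example.

```c
/* Added example: a recursive-descent reader for nested PDF-style arrays
 * with an explicit nesting limit. Illustrative code, not PoDoFo's. */
#include <ctype.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_MAX_NESTING 256   /* assumed limit; PoDoFo's own value is not on this page */

typedef struct {
    const char *src;
    size_t pos;
    int max_depth;   /* reject arrays nested deeper than this */
    int deepest;     /* deepest nesting actually seen */
} parser_t;

static void skip_ws(parser_t *p)
{
    while (p->src[p->pos] && isspace((unsigned char)p->src[p->pos]))
        p->pos++;
}

static int read_array(parser_t *p, int depth);

/* Reads one value: an integer or a nested array. Returns 0 on success, -1 on error. */
static int read_variant(parser_t *p, int depth)
{
    skip_ws(p);
    char c = p->src[p->pos];
    if (c == '[')
        return read_array(p, depth + 1);
    if (isdigit((unsigned char)c)) {
        while (isdigit((unsigned char)p->src[p->pos]))
            p->pos++;
        return 0;
    }
    return -1;   /* unexpected character or end of input */
}

/* Reads '[' value* ']'. The depth check is the guard an unbounded-recursion
 * parser lacks: without it, '[' repeated enough times exhausts the stack. */
static int read_array(parser_t *p, int depth)
{
    if (depth > p->max_depth)
        return -1;
    if (depth > p->deepest)
        p->deepest = depth;
    p->pos++;                     /* consume '[' */
    for (;;) {
        skip_ws(p);
        char c = p->src[p->pos];
        if (c == ']') {
            p->pos++;
            return 0;
        }
        if (c == '\0')
            return -1;            /* unterminated array */
        if (read_variant(p, depth) < 0)
            return -1;
    }
}

/* Parses 'src' and returns the deepest array nesting, or -1 on error
 * (malformed input or nesting beyond max_depth). */
int parse_nesting_depth(const char *src, int max_depth)
{
    parser_t p = { src, 0, max_depth, 0 };
    if (read_variant(&p, 0) < 0)
        return -1;
    skip_ws(&p);
    return p.src[p.pos] == '\0' ? p.deepest : -1;   /* trailing garbage is an error */
}

/* Builds n '[' followed by n ']' (a constructed hostile input), parses it
 * with the given limit, frees it, and returns the parse result. */
int nested_input_result(size_t n, int max_depth)
{
    char *buf = malloc(2 * n + 1);
    if (!buf)
        return -1;
    memset(buf, '[', n);
    memset(buf + n, ']', n);
    buf[2 * n] = '\0';
    int r = parse_nesting_depth(buf, max_depth);
    free(buf);
    return r;
}

int main(void)
{
    /* Well-formed input parses; a 100000-deep array is rejected instead of crashing. */
    return (parse_nesting_depth("[1 [2 [3]]]", DEFAULT_MAX_NESTING) == 3 &&
            nested_input_result(100000, DEFAULT_MAX_NESTING) == -1) ? 0 : 1;
}
```

The limit is checked on entry to every array level, so the worst case a hostile file can force is max_depth frames of each function before the parse fails cleanly; without the check the same 100000-bracket input recurses until the stack is gone.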
Common Weakness Enumeration (CWE): CWE-674: Uncontrolled Recursion
CWE Description: The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-30470 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3527: A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined…
Published: 2021-05-26T22:15:00 Last Modified: 2021-11-15T17:22:00
Summary
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service.
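An added example (not QEMU's usb-redir code) of the pattern the description points at: the guest decides how many packets are combined, so the sum of their lengths must be bounded before any buffer is sized from it. The first function shows the vulnerable shape (a stack VLA sized by the untrusted total) and is kept only for comparison; the rest show the fix: overflow-safe summation, a hard cap, and a heap allocation whose failure is an error return rather than a crash. The cap MAX_BULK_TRANSFER, the struct, and the sample packets are assumptions constructed for this example.

```c
/* Added example: bounding a guest-controlled transfer size before allocating.
 * Illustrative code, not QEMU's usb-redir implementation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap for one combined bulk transfer; QEMU's own limit is not
 * taken from this page. */
#define MAX_BULK_TRANSFER (256u * 1024u)

struct usb_pkt {
    const uint8_t *data;
    size_t len;
};

/* Vulnerable shape: a stack VLA sized by the untrusted sum of packet lengths.
 * Enough queued packets push 'total' past the stack and the process dies.
 * Kept for comparison only; never call it with an untrusted 'total'. */
size_t combine_on_stack_unbounded(const struct usb_pkt *p, size_t n, size_t total, uint8_t *out)
{
    uint8_t buf[total];                 /* no upper bound on 'total' */
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, p[i].data, p[i].len);
        off += p[i].len;
    }
    memcpy(out, buf, off);
    return off;
}

/* Sums packet lengths, refusing totals that wrap size_t or exceed the cap. */
bool bulk_total_len(const struct usb_pkt *p, size_t n, size_t *out_total)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i].len > MAX_BULK_TRANSFER - total)   /* also catches wraparound */
            return false;
        total += p[i].len;
    }
    *out_total = total;
    return true;
}

/* Hardened: validate the total, then use a heap buffer whose failure is an
 * error return, not a stack overflow. Caller frees the result. */
uint8_t *combine_bounded(const struct usb_pkt *p, size_t n, size_t *out_len)
{
    size_t total;
    if (!bulk_total_len(p, n, &total) || total == 0)
        return NULL;
    uint8_t *buf = malloc(total);
    if (!buf)
        return NULL;
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + off, p[i].data, p[i].len);
        off += p[i].len;
    }
    *out_len = total;
    return buf;
}

/* Constructed sample: three small packets. Returns the combined length (6), or 0 on rejection. */
size_t demo_small_transfer(void)
{
    static const uint8_t a[] = {1, 2}, b[] = {3, 4, 5}, c[] = {6};
    struct usb_pkt pkts[] = { {a, sizeof a}, {b, sizeof b}, {c, sizeof c} };
    size_t len = 0;
    uint8_t *buf = combine_bounded(pkts, 3, &len);
    if (!buf)
        return 0;
    bool ok = (len == 6 && buf[0] == 1 && buf[5] == 6);
    free(buf);
    return ok ? len : 0;
}

/* Constructed sample: lengths that sum one byte past the cap. The data is never
 * copied because the check fails first, so the pointers only need to be valid. */
size_t demo_oversize_transfer(void)
{
    static const uint8_t dummy = 0;
    struct usb_pkt pkts[] = { {&dummy, MAX_BULK_TRANSFER}, {&dummy, 1} };
    size_t len = 0;
    uint8_t *buf = combine_bounded(pkts, 2, &len);
    if (buf) {                 /* should not happen */
        free(buf);
        return len;
    }
    return 0;
}

/* Constructed sample: a length near SIZE_MAX, which a naive sum would wrap to a small value. */
bool demo_wraparound_rejected(void)
{
    static const uint8_t dummy = 0;
    struct usb_pkt pkts[] = { {&dummy, 16}, {&dummy, SIZE_MAX - 8} };
    size_t total = 0;
    return !bulk_total_len(pkts, 2, &total);
}

int main(void)
{
    return (demo_small_transfer() == 6 && demo_oversize_transfer() == 0 &&
            demo_wraparound_rejected()) ? 0 : 1;
}
```

The comparison `p[i].len > MAX_BULK_TRANSFER - total` is written as a subtraction on the safe side so that it rejects both a total over the cap and a length chosen to wrap the running sum; a check of `total + len > cap` would itself overflow on the second constructed sample.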
Common Weakness Enumeration (CWE): CWE-770: Allocation of Resources Without Limits or Throttling
CWE Description: The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3527 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/05/05/5
- https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
- https://bugzilla.redhat.com/show_bug.cgi?id=1955695
- https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
- https://security.netapp.com/advisory/ntap-20210708-0008/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-20297: A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a…
Published: 2021-05-26T21:15:00 Last Modified: 2021-06-03T17:20:00
Summary
A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20297 vulnerability.
References
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25014: A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An uninitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-908: Use of Uninitialized Resource
CWE Description: The software uses or accesses a resource that has not been initialized.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25014 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956927
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25009: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25009 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956917
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25013: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:45:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25013 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956926
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25011: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:00:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25011 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956919
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25010: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T22:30:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25010 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956918
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2018-25012: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:46:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2018-25012 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956922
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36331: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:44:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36331 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956856
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36328: A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:45:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
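An added example (not libwebp's code) of what a correct size check for a decode-into-caller-buffer API has to cover: the row stride, the position of the last byte the decoder writes, and arithmetic that cannot wrap. output_fits_naive shows the weak shape the description refers to (narrow multiplication, stride ignored) beside output_fits, and decode_rgb_into writes only after the check passes. The function names, the simulated decoder and the sample dimensions are assumptions constructed for this example.

```c
/* Added example: validating a caller-supplied output buffer for a
 * "decode into" API. Illustrative code, not libwebp's. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum { BPP_RGB = 3, BPP_RGBA = 4 };

/* Weak check of the kind the CVE describes: multiplies in a narrow type and
 * ignores the row stride. Shown for comparison; do not use. */
bool output_fits_naive(uint32_t width, uint32_t height, uint32_t bpp,
                       uint32_t stride, size_t buf_size)
{
    (void)stride;                                   /* stride never consulted */
    uint32_t needed = width * height * bpp;         /* may wrap around */
    return needed <= buf_size;
}

/* Correct check: every row must fit in its stride, and the buffer must hold
 * the last byte the decoder will write, which sits at
 * (height - 1) * stride + width * bpp. All arithmetic is 64-bit so no term wraps. */
bool output_fits(uint32_t width, uint32_t height, uint32_t bpp,
                 uint32_t stride, size_t buf_size)
{
    if (width == 0 || height == 0 || bpp == 0 || stride == 0)
        return false;
    uint64_t row_bytes = (uint64_t)width * bpp;
    if (row_bytes > stride)
        return false;
    uint64_t needed = (uint64_t)(height - 1) * stride + row_bytes;
    return needed <= (uint64_t)buf_size;
}

/* Simulated decode loop: writes each row at its stride offset, but only
 * after the bound check passes. Returns the number of bytes spanned, or 0
 * if the buffer was rejected. */
size_t decode_rgb_into(uint32_t width, uint32_t height, uint32_t stride,
                       uint8_t *out, size_t out_size)
{
    if (!output_fits(width, height, BPP_RGB, stride, out_size))
        return 0;
    for (uint32_t y = 0; y < height; y++) {
        uint8_t *row = out + (size_t)y * stride;
        for (uint32_t x = 0; x < width * BPP_RGB; x++)
            row[x] = (uint8_t)(x + y);            /* constructed pixel data */
    }
    return (size_t)(height - 1) * stride + (size_t)width * BPP_RGB;
}

/* Constructed sample: a 4x4 RGB image into a buffer with a padded 32-byte row
 * stride. The pixel bytes alone are 48, but the last row ends at byte 108. */
size_t demo_decode(size_t buf_size)
{
    uint8_t buf[108];
    if (buf_size > sizeof buf)
        return 0;
    return decode_rgb_into(4, 4, 32, buf, buf_size);
}

int main(void)
{
    /* The naive check accepts the 48-byte buffer that the decoder would overrun. */
    return (output_fits_naive(4, 4, BPP_RGB, 32, 48) && demo_decode(48) == 0 &&
            demo_decode(108) == 108) ? 0 : 1;
}
```

Two inputs separate the checks: a padded stride (4x4 RGB, stride 32) where the pixel count says 48 bytes but the decoder's last write lands at byte 108, and a 65536x65536 image whose 32-bit product wraps to zero and sails through the naive test.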
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36328 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956829
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36329: A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread…
Published: 2021-05-21T17:15:00 Last Modified: 2021-12-01T14:44:00
Summary
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36329 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956843
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211112-0001/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36330: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T19:43:00
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36330 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956853
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://www.debian.org/security/2021/dsa-4930
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/54
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2020-36332: A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an…
Published: 2021-05-21T17:15:00 Last Modified: 2021-11-30T19:43:00
Summary
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-36332 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956868
- https://www.debian.org/security/2021/dsa-4930
- https://security.netapp.com/advisory/ntap-20211104-0004/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3426: There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to…
Published: 2021-05-20T13:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There’s a flaw in Python 3’s pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 5.1
- CVSS: 2.7
- CVSS Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: ADJACENT_NETWORK
Currently, there is no code for exploiting the CVE-2021-3426 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
- https://bugzilla.redhat.com/show_bug.cgi?id=1935913
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
- https://security.gentoo.org/glsa/202104-04
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
- https://security.netapp.com/advisory/ntap-20210629-0003/
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpujan2022.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who…
Published: 2021-05-19T14:15:00 Last Modified: 2021-07-20T11:15:00
Summary
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3421 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1927747
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
- https://security.gentoo.org/glsa/202107-43
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3445: A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This…
Published: 2021-05-19T14:15:00 Last Modified: 2021-06-02T14:58:00
Summary
A flaw was found in libdnf’s signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk of this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-347: Improper Verification of Cryptographic Signature
CWE Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3445 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4NL7TNWAHJ6JVRABQUPWHKKCTHUZMNF/
- https://bugzilla.redhat.com/show_bug.cgi?id=1932079
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPMFGGQ5T6WVFTFX3OKMVTTM5O4EXWZR/
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3517: There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An…
Published: 2021-05-19T14:15:00 Last Modified: 2022-02-07T16:16:00
Summary
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3517 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1954232
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202107-05
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://security.netapp.com/advisory/ntap-20211022-0004/
- https://www.oracle.com/security-alerts/cpujan2022.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3518: There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted…
Published: 2021-05-18T12:15:00 Last Modified: 2021-12-09T21:30:00
Summary
There’s a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3518 vulnerability.
References
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1954242
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://security.gentoo.org/glsa/202107-05
- https://support.apple.com/kb/HT212604
- https://support.apple.com/kb/HT212605
- https://support.apple.com/kb/HT212602
- https://support.apple.com/kb/HT212601
- http://seclists.org/fulldisclosure/2021/Jul/55
- http://seclists.org/fulldisclosure/2021/Jul/54
- http://seclists.org/fulldisclosure/2021/Jul/58
- http://seclists.org/fulldisclosure/2021/Jul/59
- https://www.oracle.com/security-alerts/cpuoct2021.html
See also: All popular products CVE Vulnerabilities of redhat
CVE-2021-3537: A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors…
Published: 2021-05-14T20:15:00 Last Modified: 2021-12-08T20:19:00
Summary
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3537 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1956522
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QVM4UJ3376I6ZVOYMHBNX4GY3NIV52WV/
- https://lists.debian.org/debian-lts-announce/2021/05/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZOMV5J4PMZAORVT64BKLV6YIZAFDGX6/
- https://security.netapp.com/advisory/ntap-20210625-0002/
- https://security.gentoo.org/glsa/202107-05
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2020-27769: In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of…
Published: 2021-05-14T20:15:00 Last Modified: 2021-05-19T19:08:00
Summary
In ImageMagick versions before 7.0.9-0, values outside the range of representable values of type ‘float’ occur at MagickCore/quantize.c.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27769 vulnerability.
References
CVE-2021-20221: An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller…
Published: 2021-05-13T16:15:00 Last Modified: 2021-12-10T19:56:00
Summary
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0 on the aarch64 platform. The issue occurs because, while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. This may lead to the said issue while updating controller state fields and during their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host, resulting in a DoS scenario.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20221 vulnerability.
References
- https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1924601
- http://www.openwall.com/lists/oss-security/2021/02/05/1
- https://security.netapp.com/advisory/ntap-20210708-0005/
CVE-2020-27824: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This…
Published: 2021-05-13T14:15:00 Last Modified: 2021-12-07T19:40:00
Summary
A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27824 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905723
- https://lists.debian.org/debian-lts-announce/2021/02/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQR4EWRFFZQDMFPZKFZ6I3USLMW6TKTP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJUPGIZE6A4O52EBOF75MCXJOL6MUCRV/
- https://www.debian.org/security/2021/dsa-4882
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2021-3504: A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of…
Published: 2021-05-11T23:15:00 Last Modified: 2021-06-21T18:35:00
Summary
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.6
- CVSS: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3504 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1949687
- https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/
CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in…
Published: 2021-05-06T17:15:00 Last Modified: 2022-01-01T17:51:00
Summary
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 8.5
- Exploitability Score: 3.9
- CVSS: 6.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-31916 vulnerability.
References
- https://seclists.org/oss-sec/2021/q1/268
- https://bugzilla.redhat.com/show_bug.cgi?id=1946965
- https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CVE-2021-3507: A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It…
Published: 2021-05-06T16:15:00 Last Modified: 2021-06-01T14:55:00
Summary
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host, resulting in a DoS scenario, or to potentially leak information from host memory.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3507 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1951118
- https://security.netapp.com/advisory/ntap-20210528-0005/
CVE-2021-3501: A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the…
Published: 2021-05-06T13:15:00 Last Modified: 2021-06-18T10:15:00
Summary
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index that can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.9
- CVSS: 3.6
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3501 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1950136
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a
- https://security.netapp.com/advisory/ntap-20210618-0008/
CVE-2021-20254: A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs)…
Published: 2021-05-05T14:15:00 Last Modified: 2021-06-24T18:30:00
Summary
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-125: Out-of-bounds Read
CWE Description: The software reads data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20254 vulnerability.
References
- https://security.netapp.com/advisory/ntap-20210430-0001/
- https://www.samba.org/samba/security/CVE-2021-20254.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1949442
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/
- https://security.gentoo.org/glsa/202105-22
- https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
CVE-2021-3472: A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in…
Published: 2021-04-26T15:15:00 Last Modified: 2021-05-19T12:54:00
Summary
A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-191: Integer Underflow (Wrap or Wraparound)
CWE Description: The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3472 vulnerability.
References
- https://lists.x.org/archives/xorg-announce/2021-April/003080.html
- https://seclists.org/oss-sec/2021/q2/20
- https://www.zerodayinitiative.com/advisories/ZDI-21-463/
- https://bugzilla.redhat.com/show_bug.cgi?id=1944167
- https://www.debian.org/security/2021/dsa-4893
- https://www.tenable.com/plugins/nessus/148701
- http://www.openwall.com/lists/oss-security/2021/04/13/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW/
- https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF/
- https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd
- https://security.gentoo.org/glsa/202104-02
CVE-2021-20208: A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file…
Published: 2021-04-19T22:15:00 Last Modified: 2021-12-10T19:52:00
Summary
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-266: Incorrect Privilege Assignment
CWE Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Scores
- Impact Score: 4.9
- Exploitability Score: 6.8
- CVSS: 4.9
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20208 vulnerability.
References
- https://bugzilla.samba.org/show_bug.cgi?id=14651
- https://bugzilla.redhat.com/show_bug.cgi?id=1921116
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/
CVE-2021-3497: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing…
Published: 2021-04-19T21:15:00 Last Modified: 2021-04-27T16:48:00
Summary
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3497 vulnerability.
References
- https://gstreamer.freedesktop.org/security/sa-2021-0002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1945339
- https://www.debian.org/security/2021/dsa-4900
- https://lists.debian.org/debian-lts-announce/2021/04/msg00027.html
CVE-2021-3498: GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T17:15:00
Summary
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3498 vulnerability.
References
- https://gstreamer.freedesktop.org/security/sa-2021-0003.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1945342
- https://www.debian.org/security/2021/dsa-4900
- http://packetstormsecurity.com/files/162952/Gstreamer-Matroska-Demuxing-Use-After-Free.html
CVE-2021-3505: A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit…
Published: 2021-04-19T21:15:00 Last Modified: 2021-06-03T16:19:00
Summary
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-331: Insufficient Entropy
CWE Description: The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3505 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1950046
- https://github.com/stefanberger/libtpms/issues/183
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NUCZX4S53TUNTSGTCRDNOQZV2V2RI4RJ/
CVE-2021-3487: There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a…
Published: 2021-04-15T14:15:00 Last Modified: 2021-05-04T12:55:00
Summary
There’s a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3487 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1947111
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/
CVE-2021-3482: A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation…
Published: 2021-04-08T23:15:00 Last Modified: 2021-09-21T18:15:00
Summary
A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of the rawData.size property in Jp2Image::readMetadata() in jp2image.cpp can lead to a heap-based buffer overflow via a crafted JPG image containing malicious EXIF data.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 4.9
- Exploitability Score: 10.0
- CVSS: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3482 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1946314
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2A5GMJEXQ5Q76JK6F6VKK5JYCLVFGKN/
- https://www.debian.org/security/2021/dsa-4958
- https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html
CVE-2021-3448: A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for…
Published: 2021-04-08T23:15:00 Last Modified: 2022-02-07T16:16:00
Summary
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.
Common Weakness Enumeration (CWE): CWE-358: Improperly Implemented Security Check for Standard
CWE Description: The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: NONE
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3448 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939368
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GHURNEHHUBSW45KMIZ4FNBCSUPWPGV5V/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHG7GWSQWKF7JXIMLOGJBKZWBB4VIAJ7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVTJUOFFFHINLKWAOC2ZSC5MOPD4SJ24/
- https://security.gentoo.org/glsa/202105-20
- https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2021-20305: A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification…
Published: 2021-04-05T22:15:00 Last Modified: 2021-12-06T13:57:00
Summary
A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EdDSA and ECDSA) result in the Elliptic Curve Cryptography (ECC) point multiply function being called with out-of-range scalars, possibly producing incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possibly passing validation. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20305 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1942533
- https://security.gentoo.org/glsa/202105-31
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
- https://www.debian.org/security/2021/dsa-4933
- https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
- https://security.netapp.com/advisory/ntap-20211022-0002/
CVE-2021-20291: A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1….
Published: 2021-04-01T18:15:00 Last Modified: 2021-06-02T13:13:00
Summary
A deadlock vulnerability was found in ‘github.com/containers/storage’ in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive, this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
Common Weakness Enumeration (CWE): CWE-667: Improper Locking
CWE Description: The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20291 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939485
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/
- https://unit42.paloaltonetworks.com/cve-2021-20291/
CVE-2021-3393: An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before…
Published: 2021-04-01T14:15:00 Last Modified: 2021-06-04T19:04:00
Summary
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read.
Common Weakness Enumeration (CWE): CWE-209: Generation of Error Message Containing Sensitive Information
CWE Description: The software generates an error message that includes sensitive information about its environment, users, or associated data.
Scores
- Impact Score: 2.9
- Exploitability Score: 6.8
- CVSS: 3.5
- CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3393 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1924005
- https://security.netapp.com/advisory/ntap-20210507-0006/
- https://security.gentoo.org/glsa/202105-32
CVE-2021-20271: A flaw was found in RPM’s signature check functionality when reading a package file. This flaw…
Published: 2021-03-26T17:15:00 Last Modified: 2021-12-10T19:50:00
Summary
A flaw was found in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.
Common Weakness Enumeration (CWE): CWE-345: Insufficient Verification of Data Authenticity
CWE Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Scores
- Impact Score: 6.4
- Exploitability Score: 4.9
- CVSS: 5.1
- CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20271 vulnerability.
References
- https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21
- https://bugzilla.redhat.com/show_bug.cgi?id=1934125
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
- https://security.gentoo.org/glsa/202107-43
CVE-2021-20197: There is an open race window when writing output in the following utilities in GNU binutils…
Published: 2021-03-26T17:15:00 Last Modified: 2021-05-28T10:15:00
Summary
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into giving away ownership of arbitrary files through a symlink.
Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)
CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Scores
- Impact Score: 4.9
- Exploitability Score: 3.4
- CVSS: 3.3
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20197 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1913743
- https://sourceware.org/bugzilla/show_bug.cgi?id=26945
- https://security.netapp.com/advisory/ntap-20210528-0009/
CVE-2020-35518: When binding against a DN during authentication, the reply from 389-ds-base will be different…
Published: 2021-03-26T17:15:00 Last Modified: 2021-04-01T14:56:00
Summary
When binding against a DN during authentication, the reply from 389-ds-base differs depending on whether the DN exists or not. This can be used by an unauthenticated attacker to check for the existence of an entry in the LDAP database.
Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35518 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905565
- https://github.com/389ds/389-ds-base/issues/4480
- https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc
- https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32
CVE-2020-35508: A flaw possibility of race condition and incorrect initialization of the process id was found in…
Published: 2021-03-26T17:15:00 Last Modified: 2021-12-16T20:42:00
Summary
A possible race condition and incorrect initialization of the process ID were found in the Linux kernel's child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks and send any signal to a privileged process.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-35508 vulnerability.
References
- https://github.com/torvalds/linux/commit/b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948
- https://bugzilla.redhat.com/show_bug.cgi?id=1902724
- https://security.netapp.com/advisory/ntap-20210513-0006/
CVE-2021-3443: A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled…
Published: 2021-03-25T19:15:00 Last Modified: 2021-03-30T16:52:00
Summary
A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3443 vulnerability.
References
CVE-2021-3446: A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms…
Published: 2021-03-25T19:15:00 Last Modified: 2021-03-26T18:01:00
Summary
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.
Common Weakness Enumeration (CWE): CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE Description: The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3446 vulnerability.
References
CVE-2021-3466: A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function…
Published: 2021-03-25T19:15:00 Last Modified: 2021-12-15T14:38:00
Summary
A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.
Common Weakness Enumeration (CWE): CWE-120: Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE Description: The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3466 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1939127
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334XJNDJPYQNFE6S3S2KUJJ7TMHYCWL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5NEPVGP3L2CZHLZ4UB44PEILHKPDBOG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/75HDMREKITMGPGE62NP7KE62ZJVLETXN/
CVE-2021-3409: The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU…
Published: 2021-03-23T21:15:00 Last Modified: 2021-05-07T05:15:00
Summary
The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus leaving QEMU vulnerable to the out-of-bounds read/write access issues previously found in the SDHCI controller emulation code. This flaw allows a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service or potential code execution. QEMU up to and including 5.2.0 is affected by this.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3409 vulnerability.
References
- https://www.openwall.com/lists/oss-security/2021/03/09/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1928146
- https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- https://security.netapp.com/advisory/ntap-20210507-0001/
CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when…
Published: 2021-03-23T17:15:00 Last Modified: 2021-12-10T17:04:00
Summary
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the “exception” keyword.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20270 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922136
- https://www.debian.org/security/2021/dsa-4889
- https://lists.debian.org/debian-lts-announce/2021/05/msg00003.html
- https://lists.debian.org/debian-lts-announce/2021/05/msg00006.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
CVE-2019-10196: A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent…
Published: 2021-03-19T20:15:00 Last Modified: 2021-03-25T19:21:00
Summary
A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered that http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a denial of service through the consumption of all available CPU resources, and in data exposure through an uninitialized memory leak, in setups where an attacker could submit typed input to the auth parameter.
Common Weakness Enumeration (CWE): CWE-665: Improper Initialization
CWE Description: The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Scores
- Impact Score: 8.5
- Exploitability Score: 10.0
- CVSS: 9.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-10196 vulnerability.
References
CVE-2021-3416: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in…
Published: 2021-03-18T20:15:00 Last Modified: 2022-01-04T16:38:00
Summary
A potential stack overflow via an infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC, wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host, resulting in a DoS scenario.
Common Weakness Enumeration (CWE): CWE-835: Loop with Unreachable Exit Condition (‘Infinite Loop’)
CWE Description: The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Scores
- Impact Score: 2.9
- Exploitability Score: 3.9
- CVSS: 2.1
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3416 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1932827
- https://www.openwall.com/lists/oss-security/2021/02/26/1
- https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html
- https://security.netapp.com/advisory/ntap-20210507-0002/
CVE-2019-14850: A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker…
Published: 2021-03-18T19:15:00 Last Modified: 2021-03-24T18:05:00
Summary
A denial of service vulnerability was discovered in nbdkit 1.12.7, 1.14.1 and 1.15.1. An attacker could connect to the nbdkit service and cause it to perform a large amount of work in initializing backend plugins, by simply opening a connection to the service. This vulnerability could cause resource consumption and degradation of service in nbdkit, depending on the plugins configured on the server-side.
Common Weakness Enumeration (CWE): CWE-406: Insufficient Control of Network Message Volume (Network Amplification)
CWE Description: The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.
Scores
- Impact Score: 2.9
- Exploitability Score: 4.9
- CVSS: 2.6
- CVSS Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2019-14850 vulnerability.
References
- https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1757258
CVE-2020-27827: A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause…
Published: 2021-03-18T17:15:00 Last Modified: 2021-08-04T17:14:00
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-400: Uncontrolled Resource Consumption
CWE Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27827 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1921438
- https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07
CVE-2021-20286: A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may…
Published: 2021-03-15T18:15:00 Last Modified: 2021-03-22T14:32:00
Summary
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in lib/opt.c may lead to denial of service.
Common Weakness Enumeration (CWE): CWE-617: Reachable Assertion
CWE Description: The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20286 vulnerability.
References
- https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0
- https://bugzilla.redhat.com/show_bug.cgi?id=1934727
CVE-2021-20179: A flaw was found in pki-core. An attacker who has successfully compromised a key could use this…
Published: 2021-03-15T13:15:00 Last Modified: 2021-03-24T01:58:00
Summary
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 4.9
- Exploitability Score: 8.0
- CVSS: 5.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20179 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1914379
- https://github.com/dogtagpki/pki/pull/3475
- https://github.com/dogtagpki/pki/pull/3476
- https://github.com/dogtagpki/pki/pull/3474
- https://github.com/dogtagpki/pki/pull/3477
- https://github.com/dogtagpki/pki/pull/3478
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3I7BRAHLE2WWSY76W3CKFCF5WSSAE24/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDOLFOLEIV7I4EUC3SCZBXL6E2ER7ZEN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRE44N6P24AEDKRMWK7RPRLMCUUBRJII/
CVE-2021-20231: A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead…
Published: 2021-03-12T19:15:00 Last Modified: 2021-06-01T14:07:00
Summary
A flaw was found in gnutls. A use-after-free issue in the client when sending the key_share extension may lead to memory corruption and other consequences.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20231 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922276
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E
CVE-2021-20232: A flaw was found in gnutls. A use after free issue in client_send_params in…
Published: 2021-03-12T19:15:00 Last Modified: 2021-05-17T14:30:00
Summary
A flaw was found in gnutls. A use-after-free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 10.0
- CVSS: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20232 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1922275
- https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/
- https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210416-0005/
- https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E
CVE-2021-20261: A race condition was found in the Linux kernels implementation of the floppy disk drive…
Published: 2021-03-11T21:15:00 Last Modified: 2021-03-19T13:08:00
Summary
A race condition was found in the Linux kernel's implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have been changed, the impact changes greatly. In the default configuration, root (or equivalent) permissions are required to attack this flaw.
Common Weakness Enumeration (CWE): CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
CWE Description: The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.4
- CVSS: 4.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20261 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0c80efe5956ccce9fe7ae5c78542578c07bc20a
- https://bugzilla.redhat.com/show_bug.cgi?id=1932150
CVE-2020-35521: A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF…
Published: 2021-03-09T20:15:00 Last Modified: 2021-05-21T09:15:00
Summary
A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35521 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1932034
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMHBYFMX3D5VGR6Y3RXTTH3Q4NF4E6IG/
- https://security.gentoo.org/glsa/202104-06
- https://security.netapp.com/advisory/ntap-20210521-0009/
CVE-2021-3411: A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was…
Published: 2021-03-09T20:15:00 Last Modified: 2021-05-21T15:30:00
Summary
A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-94: Improper Control of Generation of Code (‘Code Injection’)
CWE Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-3411 vulnerability.
References
CVE-2021-20244: A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted…
Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:45:00
Summary
A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20244 vulnerability.
References
- https://github.com/ImageMagick/ImageMagick/pull/3194
- https://bugzilla.redhat.com/show_bug.cgi?id=1928959
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2021-20245: A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is…
Published: 2021-03-09T19:15:00 Last Modified: 2022-01-01T18:02:00
Summary
A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20245 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1928943
- https://github.com/ImageMagick/ImageMagick/issues/3176
- https://lists.debian.org/debian-lts-announce/2021/06/msg00000.html
CVE-2021-20246: A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file…
Published: 2021-03-09T19:15:00 Last Modified: 2021-03-25T18:46:00
Summary
A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 6.9
- Exploitability Score: 8.6
- CVSS: 7.1
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20246 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1928941
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-25639: A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:47:00
Summary
A NULL pointer dereference flaw was found in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 6.9
- Exploitability Score: 3.9
- CVSS: 4.9
- CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25639 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1876995
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SUCBCKRHWP3UD2AVVYQJE7BIJEMCMXW5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HE4CT3NL6OEBRRBUKHIX63GLNVOWCVRW/
CVE-2021-3404: In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:22:00
Summary
In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.
Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3404 vulnerability.
References
CVE-2021-3403: In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a…
Published: 2021-03-04T22:15:00 Last Modified: 2021-03-10T20:24:00
Summary
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 6.4
- Exploitability Score: 8.6
- CVSS: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-3403 vulnerability.
References
CVE-2021-20225: A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20225 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1924696
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2021-20233: A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs a length calculation on the assumption that expressing a quoted single quote will require 3 characters, while it actually requires 4 characters, which allows an attacker to corrupt memory by one byte for each quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20233 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1926263
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-14372: A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-184: Incomplete List of Disallowed Inputs
CWE Description: The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
Scores
- Impact Score: 10.0
- Exploitability Score: 1.9
- CVSS: 6.2
- CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: HIGH
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-14372 vulnerability.
References
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-003
- https://bugzilla.redhat.com/show_bug.cgi?id=1873150
- https://security.netapp.com/advisory/ntap-20210416-0004/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-25632: A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the…
Published: 2021-03-03T17:15:00 Last Modified: 2021-12-16T20:42:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25632 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1879577
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-25647: A flaw was found in grub2 in versions prior to 2.06. During USB device initialization,…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking, and the code assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution, allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25647 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1886936
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-27749: A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. Variable names present in the supplied command line are expanded into their corresponding variable contents, using a 1kB stack buffer for temporary storage, without sufficient bounds checking. If the function is called with a command line that references a variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack frame and control execution, which could also circumvent Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-121: Stack-based Buffer Overflow
CWE Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27749 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1899966
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2020-27779: A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure…
Published: 2021-03-03T17:15:00 Last Modified: 2021-05-01T02:15:00
Summary
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor Secure Boot locking, allowing a privileged attacker to remove address ranges from memory, creating an opportunity to circumvent Secure Boot protections after proper triage of grub’s memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-285: Improper Authorization
CWE Description: The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27779 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1900698
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R/
- https://security.gentoo.org/glsa/202104-05
CVE-2021-20194: There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with…
Published: 2021-02-23T23:15:00 Last Modified: 2021-03-31T12:29:00
Summary
There is a vulnerability in the Linux kernel in versions higher than 5.2 (if the kernel is compiled with config params CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y, CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY not set, and a BPF hook to getsockopt is registered). As a result of BPF execution, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation.
Common Weakness Enumeration (CWE): CWE-20: Improper Input Validation
CWE Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20194 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1912683
- https://security.netapp.com/advisory/ntap-20210326-0003/
CVE-2021-20229: A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT…
Published: 2021-02-23T18:15:00 Last Modified: 2021-06-09T15:01:00
Summary
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2021-20229 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1925296
- https://security.netapp.com/advisory/ntap-20210326-0005/
- https://security.gentoo.org/glsa/202105-32
CVE-2021-20188: A flaw was found in podman before 1.7.0. File permissions for non-root users running in a…
Published: 2021-02-11T18:15:00 Last Modified: 2021-02-17T20:12:00
Summary
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow the attacker to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-863: Incorrect Authorization
CWE Description: The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.4
- CVSS: 6.9
- CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2021-20188 vulnerability.
References
CVE-2020-35513: A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network…
Published: 2021-01-26T18:15:00 Last Modified: 2021-02-02T19:39:00
Summary
A flaw involving an incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way users create and delete objects using NFSv4.2 or newer while another process that is not using the new NFSv4.2 simultaneously accesses the NFS. A user with access to the NFS could use this flaw to starve resources, causing a denial of service.
Common Weakness Enumeration (CWE): CWE-271: Privilege Dropping / Lowering Errors
CWE Description: The software does not drop privileges before passing control of a resource to an actor that does not have those privileges.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.0
- CVSS: 4.0
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: SINGLE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35513 vulnerability.
References
- https://patchwork.kernel.org/project/linux-nfs/patch/20180403203916.GH20297@fieldses.org/
- https://bugzilla.redhat.com/show_bug.cgi?id=1911309
CVE-2020-25657: A flaw was found in all released versions of m2crypto, where they are vulnerable to…
Published: 2021-01-12T15:15:00 Last Modified: 2021-04-07T14:58:00
Summary
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact
- Availability: NONE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25657 vulnerability.
References
CVE-2020-35507: There’s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34…
Published: 2021-01-04T15:15:00 Last Modified: 2021-07-10T05:15:00
Summary
There’s a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-35507 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1911691
- https://security.netapp.com/advisory/ntap-20210212-0007/
- https://security.gentoo.org/glsa/202107-24
CVE-2020-27846: A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to…
Published: 2020-12-21T16:15:00 Last Modified: 2021-03-31T15:17:00
Summary
A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-115: Misinterpretation of Input
CWE Description: The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
Scores
- Impact Score: 10.0
- Exploitability Score: 10.0
- CVSS: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27846 vulnerability.
References
- https://github.com/crewjam/saml/security/advisories/GHSA-4hq8-gmxx-h6w9
- https://bugzilla.redhat.com/show_bug.cgi?id=1907670
- https://grafana.com/blog/2020/12/17/grafana-6.7.5-7.2.3-and-7.3.6-released-with-important-security-fix-for-grafana-enterprise/
- https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICP3YRY2VUCNCF2VFUSK77ZMRIC77FEM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YUTKIRWT6TWU7DS6GF3EOANVQBFQZYI/
- https://security.netapp.com/advisory/ntap-20210205-0002/
CVE-2020-25712: A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo…
Published: 2020-12-15T17:15:00 Last Modified: 2020-12-16T21:42:00
Summary
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Common Weakness Enumeration (CWE): CWE-122: Heap-based Buffer Overflow
CWE Description: A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Scores
- Impact Score: 6.4
- Exploitability Score: 3.9
- CVSS: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact
- Availability: PARTIAL
- Confidentiality: PARTIAL
- Integrity: PARTIAL
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-25712 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1887276
- https://lists.x.org/archives/xorg-announce/2020-December/003066.html
CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On…
Published: 2020-12-15T17:15:00 Last Modified: 2020-12-22T17:18:00
Summary
A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked-down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform), a root-like local user could use this flaw to further increase their privileges to that of the running kernel.
Common Weakness Enumeration (CWE): CWE-862: Missing Authorization
CWE Description: The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27777 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?h=next&id=bd59380c5ba4147dcbaad3e582b55ccfd120b764
- https://www.openwall.com/lists/oss-security/2020/11/23/2
- https://www.openwall.com/lists/oss-security/2020/10/09/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1900844
CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1)….
Published: 2020-12-11T19:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in the Linux kernel (before 5.10-rc1). A race between trace_open and a resize of the CPU buffer running in parallel on different CPUs may cause a denial of service (DoS). This flaw could even allow a local attacker with special user privilege to cause a kernel information leak.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 7.8
- Exploitability Score: 3.4
- CVSS: 5.4
- CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C
Impact
- Availability: COMPLETE
- Confidentiality: PARTIAL
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27825 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1905155
- https://www.debian.org/security/2021/dsa-4843
- https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html
- https://security.netapp.com/advisory/ntap-20210521-0008/
CVE-2020-27786: A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local…
Published: 2020-12-11T05:15:00 Last Modified: 2021-07-15T19:16:00
Summary
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for memory corruption or privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Common Weakness Enumeration (CWE): CWE-416: Use After Free
CWE Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Scores
- Impact Score: 10.0
- Exploitability Score: 3.9
- CVSS: 7.2
- CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Impact
- Availability: COMPLETE
- Confidentiality: COMPLETE
- Integrity: COMPLETE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: LOCAL
Currently, there is no code for exploiting the CVE-2020-27786 vulnerability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d
- https://bugzilla.redhat.com/show_bug.cgi?id=1900933
- https://security.netapp.com/advisory/ntap-20210122-0002/
- http://www.openwall.com/lists/oss-security/2020/12/03/1
CVE-2020-25692: A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during…
Published: 2020-12-08T01:15:00 Last Modified: 2021-01-08T12:15:00
Summary
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
Common Weakness Enumeration (CWE): CWE-476: NULL Pointer Dereference
CWE Description: NULL pointer dereferences are frequently resultant from rarely encountered error conditions, since these are most likely to escape detection during the testing phases.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-25692 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894567
- https://security.netapp.com/advisory/ntap-20210108-0006/
CVE-2020-29573: sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has…
Published: 2020-12-06T00:15:00 Last Modified: 2021-01-26T18:15:00
Summary
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of “Fixed for glibc 2.33” in the 26649 reference.
Common Weakness Enumeration (CWE): CWE-787: Out-of-bounds Write
CWE Description: The software writes data past the end, or before the beginning, of the intended buffer.
Scores
- Impact Score: 2.9
- Exploitability Score: 10.0
- CVSS: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: LOW
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-29573 vulnerability.
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=26649
- https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
- https://security.gentoo.org/glsa/202101-20
- https://security.netapp.com/advisory/ntap-20210122-0004/
CVE-2020-27773: A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted…
Published: 2020-12-04T22:15:00 Last Modified: 2021-06-02T19:07:00
Summary
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27773 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898295
- https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html
CVE-2020-27772: A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is…
Published: 2020-12-04T22:15:00 Last Modified: 2021-06-02T19:08:00
Summary
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned int. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27772 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898291
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27776: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-06-02T18:57:00
Summary
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27776 vulnerability.
References
CVE-2020-27775: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-06-02T19:04:00
Summary
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27775 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898300
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27774: A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file…
Published: 2020-12-04T21:15:00 Last Modified: 2021-04-28T16:46:00
Summary
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type ssize_t. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27774 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1898296
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
CVE-2020-27767: A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file…
Published: 2020-12-04T15:15:00 Last Modified: 2021-06-02T18:20:00
Summary
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types float and unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-190: Integer Overflow or Wraparound
CWE Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact
- Availability: PARTIAL
- Confidentiality: NONE
- Integrity: NONE
Access
- Authentication: NONE
- Complexity: MEDIUM
- Vector: NETWORK
Currently, there is no code for exploiting the CVE-2020-27767 vulnerability.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1894687
- https://lists.debian.org/debian-lts-announce/2021/03/msg00030.html
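The ImageMagick entries above (CVE-2020-27773, CVE-2020-27772, CVE-2020-27776, CVE-2020-27775, CVE-2020-27774, CVE-2020-27767 and CVE-2020-27765) are one class of bug: arithmetic on values taken from a crafted image that leaves the range of the destination type, wraps, shifts by at least the type's width, or divides by zero. Each of these is undefined behavior in C; in a build with -fsanitize=undefined the process aborts, and in a normal build the result is a wrong value that later code trusts (for example an undersized pixel buffer). The C program below is an added example, not ImageMagick code: it puts the unchecked idiom beside a checked equivalent for each hazard. The header struct, its field names and the sample values are constructed for illustration and do not reproduce any real file format.

```c
/*
 * Added example, not ImageMagick code: the arithmetic hazards named in the
 * CVE-2020-2776x/2777x entries (out-of-range conversion, unsigned
 * wraparound, oversized shift, division by zero) beside checks that reject
 * a crafted header instead of invoking undefined behaviour.
 * struct untrusted_header and its fields are constructed for illustration.
 */
#include <limits.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>

/* Fields a decoder might read straight from an untrusted file. */
struct untrusted_header {
    uint32_t width, height;     /* pixel dimensions */
    uint32_t bits_per_pixel;    /* 1, 4, 8, 24, 32 ... */
    long     scale_divisor;     /* e.g. a normalisation factor */
    unsigned shift;             /* e.g. a bit depth used to scale samples */
    double   sample;            /* a computed sample before storing as uchar */
};

enum hdr_status { HDR_OK = 0, HDR_E_SIZE, HDR_E_DIV, HDR_E_SHIFT };

/* CWE-190, CVE-2020-27772 pattern: width*height*bytes computed in 32 bits
 * wraps silently, so the allocation is far too small for the pixel data. */
static uint32_t naive_pixel_bytes(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * (bpp / 8);   /* unsigned wrap: defined, but wrong */
}

/* Checked: widen to size_t and test every multiplication against SIZE_MAX. */
static int checked_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return 0;
    *out = a * b;
    return 1;
}

static int checked_pixel_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    size_t pixels;
    if (w == 0 || h == 0 || bpp == 0 || bpp > 64)
        return 0;
    if (!checked_mul(w, h, &pixels))
        return 0;
    /* round bytes per pixel up so 1- and 4-bit images do not size to zero */
    return checked_mul(pixels, (bpp + 7) / 8, out);
}

/* CWE-190, CVE-2020-27773/27775/27767 pattern: converting a double outside
 * 0..255 (or NaN) to unsigned char is undefined; saturate first.
 * Assumes 8-bit char (UCHAR_MAX == 255). */
static unsigned char clamp_to_uchar(double v)
{
    if (!(v >= 0.0))            /* negative or NaN */
        return 0;
    if (v >= 255.0)
        return UCHAR_MAX;
    return (unsigned char)(v + 0.5);
}

/* CWE-190, CVE-2020-27774 pattern: shifting a 64-bit value by >= 64 bits is
 * undefined; bound the count and shift an unsigned type. */
static int checked_shl64(uint64_t v, unsigned count, uint64_t *out)
{
    if (count >= 64)
        return 0;
    *out = v << count;
    return 1;
}

/* CWE-369, CVE-2020-27773/27765 pattern: integer division by zero is
 * undefined, and so is LONG_MIN / -1 (the quotient overflows). */
static int checked_div(long num, long den, long *out)
{
    if (den == 0 || (num == LONG_MIN && den == -1))
        return 0;
    *out = num / den;
    return 1;
}

/* Apply every check; report the first hazard found. */
static enum hdr_status validate_header(const struct untrusted_header *h,
                                       size_t *buf_bytes)
{
    uint64_t scaled;
    long q;
    if (!checked_pixel_bytes(h->width, h->height, h->bits_per_pixel, buf_bytes))
        return HDR_E_SIZE;
    if (!checked_div(1000L, h->scale_divisor, &q))
        return HDR_E_DIV;
    if (!checked_shl64(1, h->shift, &scaled))
        return HDR_E_SHIFT;
    return HDR_OK;
}

int main(void)
{
    /* Constructed header: 4294967295 x 4294967295 x 32 bpp, divisor 0, shift 70 */
    struct untrusted_header bad = { 0xFFFFFFFFu, 0xFFFFFFFFu, 32, 0, 70, 300.7 };
    size_t n = 0;
    printf("naive size   : %u bytes (wrapped)\n",
           naive_pixel_bytes(bad.width, bad.height, bad.bits_per_pixel));
    printf("checked      : status %d (0 = ok)\n", (int)validate_header(&bad, &n));
    printf("clamp(300.7) : %u\n", clamp_to_uchar(bad.sample));
    printf("clamp(NaN)   : %u\n", clamp_to_uchar(NAN));
    return 0;
}
```

With the constructed dimensions, the 32-bit product is 4 bytes, while the checked path refuses the header because the true size does not fit in size_t. The checks reject rather than clamp sizes on purpose: a decoder that silently shrinks an allocation is exactly the state these CVEs describe. A maximum pixel count enforced as policy (the way ImageMagick's resource limits do) is a separate, additional control.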
CVE-2020-27765: A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file…
Published: 2020-12-04T15:15:00 Last Modified: 2021-06-02T19:16:00
Summary
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.
Common Weakness Enumeration (CWE): CWE-369: Divide By Zero
CWE Description: The product divides a value by zero.
Scores
- Impact Score: 2.9
- Exploitability Score: 8.6
- CVSS: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P